deleting node 955193700 error TRUE reason "gen_ipsec_isakmp_delete but doi isakmp"
*Mar 1 03:01:56.303: ISAKMP (0:23): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:01:56.303: ISAKMP (0:23): Old State = IKE_I_MM1 New State = IKE_DEST_SA
*Mar 1 03:01:56.303: ISAKMP (0:26): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:01:56.303: ISAKMP: Unlocking IKE struct 0x81C929AC for isadb_mark_sa_deleted(), count 2
*Mar 1 03:01:56.303: ISAKMP (0:26): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:01:56.303: ISAKMP (0:26): Old State = IKE_READY New State = IKE_DEST_SA
*Mar 1 03:01:56.307: ISAKMP (0:25): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:01:56.307: ISAKMP: Unlocking IKE struct 0x81C929AC for isadb_mark_sa_deleted(), count 1
*Mar 1 03:01:56.307: ISAKMP (0:25): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:01:56.307: ISAKMP (0:25): Old State = IKE_READY New State = IKE_DEST_SA
*Mar 1 03:01:56.307: ISAKMP (0:24): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:01:56.307: ISAKMP: Unlocking IKE struct 0x81C929AC for isadb_mark_sa_deleted(), count 0
*Mar 1 03:01:56.307: ISAKMP: Deleting peer node by peer_reap for 192.168.3.1: 81C929AC
*Mar 1 03:01:56.307: ISAKMP (0:24): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:01:56.311: ISAKMP (0:24): Old State = IKE_READY New State = IKE_DEST_SA
*Mar 1 03:01:56.383: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 192.168.2.1, remote= 192.168.3.1,
    local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 192.168.4.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
    lifedur= 28800s and 4608000kb,
    spi= 0x76D844E(124617806), conn_id= 0, keysize= 0, flags= 0x400B
*Mar 1 03:01:56.383: ISAKMP: received ke message (1/1)
*Mar 1 03:01:56.383: ISAKMP (0:0): SA request profile is (NULL)
*Mar 1 03:01:56.387: ISAKMP: local port 500, remote port 500
*Mar 1 03:01:56.387: ISAKMP: set new node 0 to QM_IDLE
*Mar 1 03:01:56.387: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 81EB9C80
*Mar 1 03:01:56.387: ISAKMP (0:27): Can not start Aggressive mode, trying Main mode.
*Mar 1 03:01:56.387: ISAKMP: Looking for a matching key for 192.168.3.1 in default : success
*Mar 1 03:01:56.387: ISAKMP (0:27): found peer pre-shared key matching 192.168.3.1
*Mar 1 03:01:56.387: ISAKMP (0:27): constructed NAT-T vendor-07 ID
*Mar 1 03:01:56.387: ISAKMP (0:27): constructed NAT-T vendor-03 ID
*Mar 1 03:01:56.391: ISAKMP (0:27): constructed NAT-T vendor-02 ID
*Mar 1 03:01:56.391: ISAKMP (0:27): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Mar 1 03:01:56.391: ISAKMP (0:27): Old State = IKE_READY New State = IKE_I_MM1
*Mar 1 03:01:56.391: ISAKMP (0:27): beginning Main Mode exchange
*Mar 1 03:01:56.391: ISAKMP (0:27): sending packet to 192.168.3.1 my_port 500 peer_port 500 (I) MM_NO_STATE
*Mar 1 03:01:56.395: ISAKMP (0:27): received packet from 192.168.3.1 dport 500 sport 500 Global (I) MM_NO_STATE
*Mar 1 03:01:56.399: ISAKMP (0:27): Notify has no hash. Rejected.
*Mar 1 03:01:56.399: ISAKMP (0:27): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1
*Mar 1 03:01:56.399: ISAKMP (0:27): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Mar 1 03:01:56.399: ISAKMP (0:27): Old State = IKE_I_MM1 New State = IKE_I_MM1
*Mar 1 03:01:56.399: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 192.168.3.1
*Mar 1 03:02:00.399: ISAKMP (0:26): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:02.571: IPSEC(encapsulate): invalid conn id 0
*Mar 1 03:02:02.571: IPSEC(encapsulate): error in encapsulation crypto_ip_encrypt
*Mar 1 03:02:05.399: ISAKMP (0:26): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:07.703: ISAKMP (0:0): received packet from 192.168.3.1 dport 500 sport 500 Global (N) NEW SA
*Mar 1 03:02:07.703: ISAKMP: Created a peer struct for 192.168.3.1, peer port 500
*Mar 1 03:02:07.703: ISAKMP: Locking peer struct 0x810A78D8, IKE refcount 1 for Responding to new initiation
*Mar 1 03:02:07.707: ISAKMP: local port 500, remote port 500
*Mar 1 03:02:07.707: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 810A6ED4
*Mar 1 03:02:07.707: ISAKMP (0:28): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 03:02:07.707: ISAKMP (0:28): Old State = IKE_READY New State = IKE_R_MM1
*Mar 1 03:02:07.707: ISAKMP (0:28): processing SA payload. message ID = 0
*Mar 1 03:02:07.707: ISAKMP (0:28): processing vendor id payload
*Mar 1 03:02:07.707: ISAKMP (0:28): vendor ID seems Unity/DPD but major 221 mismatch
*Mar 1 03:02:07.711: ISAKMP (0:28): processing vendor id payload
*Mar 1 03:02:07.711: ISAKMP (0:28): vendor ID seems Unity/DPD but major 123 mismatch
*Mar 1 03:02:07.711: ISAKMP (0:28): vendor ID is NAT-T v2
*Mar 1 03:02:07.711: ISAKMP (0:28): processing vendor id payload
*Mar 1 03:02:07.711: ISAKMP (0:28): vendor ID is DPD
*Mar 1 03:02:07.711: ISAKMP: Looking for a matching key for 192.168.3.1 in default : success
*Mar 1 03:02:07.711: ISAKMP (0:28): found peer pre-shared key matching 192.168.3.1
*Mar 1 03:02:07.711: ISAKMP (0:28) local preshared key found
*Mar 1 03:02:07.711: ISAKMP : Scanning profiles for xauth ...
*Mar 1 03:02:07.711: ISAKMP (0:28): Checking ISAKMP transform 1 against priority 1 policy
*Mar 1 03:02:07.711: ISAKMP: default group 2
*Mar 1 03:02:07.711: ISAKMP: auth pre-share
*Mar 1 03:02:07.715: ISAKMP: encryption DES-CBC
*Mar 1 03:02:07.715: ISAKMP: hash MD5
*Mar 1 03:02:07.715: ISAKMP: life type in seconds
*Mar 1 03:02:07.715: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
*Mar 1 03:02:07.715: ISAKMP (0:28): Diffie-Hellman group offered does not match policy!
*Mar 1 03:02:07.715: ISAKMP (0:28): atts are not acceptable. Next payload is 0
*Mar 1 03:02:07.715: ISAKMP (0:28): Checking ISAKMP transform 1 against priority 65535 policy
*Mar 1 03:02:07.715: ISAKMP: default group 2
*Mar 1 03:02:07.715: ISAKMP: auth pre-share
*Mar 1 03:02:07.715: ISAKMP: encryption DES-CBC
*Mar 1 03:02:07.715: ISAKMP: hash MD5
*Mar 1 03:02:07.715: ISAKMP: life type in seconds
*Mar 1 03:02:07.715: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
*Mar 1 03:02:07.715: ISAKMP (0:28): Hash algorithm offered does not match policy!
*Mar 1 03:02:07.719: ISAKMP (0:28): atts are not acceptable. Next payload is 0
*Mar 1 03:02:07.719: ISAKMP (0:28): no offers accepted!
*Mar 1 03:02:07.719: ISAKMP (0:28): phase 1 SA policy not acceptable! (local 192.168.2.1 remote 192.168.3.1)
*Mar 1 03:02:07.719: ISAKMP (0:28): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
*Mar 1 03:02:07.719: ISAKMP (0:28): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 03:02:07.719: ISAKMP (0:28): Old State = IKE_R_MM1 New State = IKE_R_MM1
*Mar 1 03:02:07.719: ISAKMP (0:28): Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
*Mar 1 03:02:07.719: ISAKMP (0:28): Old State = IKE_R_MM1 New State = IKE_READY
*Mar 1 03:02:12.403: ISAKMP (0:28): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:12.403: ISAKMP (0:28): phase 1 packet is a duplicate of a previous packet.
*Mar 1 03:02:12.403: ISAKMP (0:28): retransmitting due to retransmit phase 1
*Mar 1 03:02:12.903: ISAKMP (0:28): retransmitting phase 1 MM_NO_STATE...
*Mar 1 03:02:12.903: ISAKMP (0:28): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Mar 1 03:02:12.903: ISAKMP (0:28): retransmitting phase 1 MM_NO_STATE
*Mar 1 03:02:12.903: ISAKMP (0:28): sending packet to 192.168.3.1 my_port 500 peer_port 500 (R) MM_NO_STATE
*Mar 1 03:02:17.907: ISAKMP (0:28): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:17.911: ISAKMP (0:28): phase 1 packet is a duplicate of a previous packet.
*Mar 1 03:02:17.911: ISAKMP (0:28): retransmitting due to retransmit phase 1
*Mar 1 03:02:17.911: ISAKMP (0:28): no outgoing phase 1 packet to retransmit. MM_NO_STATE
*Mar 1 03:02:22.911: ISAKMP (0:28): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:22.911: ISAKMP (0:28): phase 1 packet is a duplicate of a previous packet.
*Mar 1 03:02:22.911: ISAKMP (0:28): retransmitting due to retransmit phase 1
*Mar 1 03:02:22.911: ISAKMP (0:28): no outgoing phase 1 packet to retransmit. MM_NO_STATE
*Mar 1 03:02:26.383: IPSEC(key_engine): request timer fired: count = 1,
  (identity) local= 192.168.2.1, remote= 192.168.3.1,
    local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 192.168.4.0/255.255.255.0/0/0 (type=4)
*Mar 1 03:02:26.383: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 192.168.2.1, remote= 192.168.3.1,
    local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 192.168.4.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
    lifedur= 28800s and 4608000kb,
    spi= 0xD30A8767(3540682599), conn_id= 0, keysize= 0, flags= 0x400B
*Mar 1 03:02:26.383: ISAKMP: received ke message (1/1)
*Mar 1 03:02:26.387: ISAKMP: set new node 0 to QM_IDLE
*Mar 1 03:02:26.387: ISAKMP (0:27): SA is still budding. Attached new ipsec request to it. (local 192.168.2.1, remote 192.168.3.1)
*Mar 1 03:02:27.911: ISAKMP (0:28): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:27.915: ISAKMP (0:28): Notify has no hash. Rejected.
*Mar 1 03:02:29.703: ISAKMP (0:0): received packet from 192.168.3.1 dport 500 sport 500 Global (N) NEW SA
*Mar 1 03:02:29.703: ISAKMP: Locking peer struct 0x810A78D8, IKE refcount 2 for Responding to new initiation
*Mar 1 03:02:29.703: ISAKMP: local port 500, remote port 500
*Mar 1 03:02:29.707: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 810A0A88
*Mar 1 03:02:29.707: ISAKMP (0:29): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 03:02:29.707: ISAKMP (0:29): Old State = IKE_READY New State = IKE_R_MM1
*Mar 1 03:02:29.707: ISAKMP (0:29): processing SA payload. message ID = 0
*Mar 1 03:02:29.707: ISAKMP (0:29): processing vendor id payload
*Mar 1 03:02:29.707: ISAKMP (0:29): vendor ID seems Unity/DPD but major 221 mismatch
*Mar 1 03:02:29.707: ISAKMP (0:29): processing vendor id payload
*Mar 1 03:02:29.707: ISAKMP (0:29): vendor ID seems Unity/DPD but major 123 mismatch
*Mar 1 03:02:29.711: ISAKMP (0:29): vendor ID is NAT-T v2
*Mar 1 03:02:29.711: ISAKMP (0:29): processing vendor id payload
*Mar 1 03:02:29.711: ISAKMP (0:29): vendor ID is DPD
*Mar 1 03:02:29.711: ISAKMP: Looking for a matching key for 192.168.3.1 in default : success
*Mar 1 03:02:29.711: ISAKMP (0:29): found peer pre-shared key matching 192.168.3.1
*Mar 1 03:02:29.711: ISAKMP (0:29) local preshared key found
*Mar 1 03:02:29.711: ISAKMP : Scanning profiles for xauth ...
*Mar 1 03:02:29.711: ISAKMP (0:29): Checking ISAKMP transform 1 against priority 1 policy
*Mar 1 03:02:29.711: ISAKMP: default group 2
*Mar 1 03:02:29.711: ISAKMP: auth pre-share
*Mar 1 03:02:29.711: ISAKMP: encryption DES-CBC
*Mar 1 03:02:29.711: ISAKMP: hash MD5
*Mar 1 03:02:29.711: ISAKMP: life type in seconds
*Mar 1 03:02:29.711: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
*Mar 1 03:02:29.715: ISAKMP (0:29): Diffie-Hellman group offered does not match policy!
*Mar 1 03:02:29.715: ISAKMP (0:29): atts are not acceptable. Next payload is 0
*Mar 1 03:02:29.715: ISAKMP (0:29): Checking ISAKMP transform 1 against priority 65535 policy
*Mar 1 03:02:29.715: ISAKMP: default group 2
*Mar 1 03:02:29.715: ISAKMP: auth pre-share
*Mar 1 03:02:29.715: ISAKMP: encryption DES-CBC
*Mar 1 03:02:29.715: ISAKMP: hash MD5
*Mar 1 03:02:29.715: ISAKMP: life type in seconds
*Mar 1 03:02:29.715: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
*Mar 1 03:02:29.715: ISAKMP (0:29): Hash algorithm offered does not match policy!
*Mar 1 03:02:29.715: ISAKMP (0:29): atts are not acceptable. Next payload is 0
*Mar 1 03:02:29.715: ISAKMP (0:29): no offers accepted!
*Mar 1 03:02:29.715: ISAKMP (0:29): phase 1 SA policy not acceptable! (local 192.168.2.1 remote 192.168.3.1)
*Mar 1 03:02:29.719: ISAKMP (0:29): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
*Mar 1 03:02:29.719: ISAKMP (0:29): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 03:02:29.719: ISAKMP (0:29): Old State = IKE_R_MM1 New State = IKE_R_MM1
*Mar 1 03:02:29.719: ISAKMP (0:29): Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
*Mar 1 03:02:29.719: ISAKMP (0:29): Old State = IKE_R_MM1 New State = IKE_READY
*Mar 1 03:02:34.915: ISAKMP (0:29): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:34.915: ISAKMP (0:29): phase 1 packet is a duplicate of a previous packet.
*Mar 1 03:02:34.915: ISAKMP (0:29): retransmitting due to retransmit phase 1
*Mar 1 03:02:35.415: ISAKMP (0:29): retransmitting phase 1 MM_NO_STATE...
*Mar 1 03:02:35.415: ISAKMP (0:29): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
*Mar 1 03:02:35.415: ISAKMP (0:29): retransmitting phase 1 MM_NO_STATE
*Mar 1 03:02:35.415: ISAKMP (0:29): sending packet to 192.168.3.1 my_port 500 peer_port 500 (R) MM_NO_STATE
*Mar 1 03:02:39.419: ISAKMP (0:29): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:39.423: ISAKMP (0:29): phase 1 packet is a duplicate of a previous packet.
*Mar 1 03:02:39.423: ISAKMP (0:29): retransmitting due to retransmit phase 1
*Mar 1 03:02:39.423: ISAKMP (0:29): no outgoing phase 1 packet to retransmit. MM_NO_STATE
*Mar 1 03:02:44.423: ISAKMP (0:29): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:44.423: ISAKMP (0:29): phase 1 packet is a duplicate of a previous packet.
*Mar 1 03:02:44.423: ISAKMP (0:29): retransmitting due to retransmit phase 1
*Mar 1 03:02:44.423: ISAKMP (0:29): no outgoing phase 1 packet to retransmit. MM_NO_STATE
*Mar 1 03:02:46.303: ISAKMP (0:23): purging node -110837504
*Mar 1 03:02:46.303: ISAKMP (0:23): purging node 955193700
*Mar 1 03:02:49.423: ISAKMP (0:29): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:49.427: ISAKMP (0:29): Notify has no hash. Rejected.
*Mar 1 03:02:51.703: ISAKMP (0:0): received packet from 192.168.3.1 dport 500 sport 500 Global (N) NEW SA
*Mar 1 03:02:51.703: ISAKMP: Locking peer struct 0x810A78D8, IKE refcount 3 for Responding to new initiation
*Mar 1 03:02:51.707: ISAKMP: local port 500, remote port 500
*Mar 1 03:02:51.707: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 81C8F29C
*Mar 1 03:02:51.707: ISAKMP (0:30): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 03:02:51.707: ISAKMP (0:30): Old State = IKE_READY New State = IKE_R_MM1
*Mar 1 03:02:51.707: ISAKMP (0:30): processing SA payload. message ID = 0
*Mar 1 03:02:51.707: ISAKMP (0:30): processing vendor id payload
*Mar 1 03:02:51.707: ISAKMP (0:30): vendor ID seems Unity/DPD but major 221 mismatch
*Mar 1 03:02:51.711: ISAKMP (0:30): processing vendor id payload
*Mar 1 03:02:51.711: ISAKMP (0:30): vendor ID seems Unity/DPD but major 123 mismatch
*Mar 1 03:02:51.711: ISAKMP (0:30): vendor ID is NAT-T v2
*Mar 1 03:02:51.711: ISAKMP (0:30): processing vendor id payload
*Mar 1 03:02:51.711: ISAKMP (0:30): vendor ID is DPD
*Mar 1 03:02:51.711: ISAKMP: Looking for a matching key for 192.168.3.1 in default : success
*Mar 1 03:02:51.711: ISAKMP (0:30): found peer pre-shared key matching 192.168.3.1
*Mar 1 03:02:51.711: ISAKMP (0:30) local preshared key found
*Mar 1 03:02:51.711: ISAKMP : Scanning profiles for xauth ...
*Mar 1 03:02:51.711: ISAKMP (0:30): Checking ISAKMP transform 1 against priority 1 policy
*Mar 1 03:02:51.711: ISAKMP: default group 2
*Mar 1 03:02:51.711: ISAKMP: auth pre-share
*Mar 1 03:02:51.715: ISAKMP: encryption DES-CBC
*Mar 1 03:02:51.715: ISAKMP: hash MD5
*Mar 1 03:02:51.715: ISAKMP: life type in seconds
*Mar 1 03:02:51.715: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
*Mar 1 03:02:51.715: ISAKMP (0:30): Diffie-Hellman group offered does not match policy!
*Mar 1 03:02:51.715: ISAKMP (0:30): atts are not acceptable. Next payload is 0
*Mar 1 03:02:51.715: ISAKMP (0:30): Checking ISAKMP transform 1 against priority 65535 policy
*Mar 1 03:02:51.715: ISAKMP: default group 2
*Mar 1 03:02:51.715: ISAKMP: auth pre-share
*Mar 1 03:02:51.715: ISAKMP: encryption DES-CBC
*Mar 1 03:02:51.715: ISAKMP: hash MD5
*Mar 1 03:02:51.715: ISAKMP: life type in seconds
*Mar 1 03:02:51.715: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80
*Mar 1 03:02:51.715: ISAKMP (0:30): Hash algorithm offered does not match policy!
*Mar 1 03:02:51.719: ISAKMP (0:30): atts are not acceptable. Next payload is 0
*Mar 1 03:02:51.719: ISAKMP (0:30): no offers accepted!
*Mar 1 03:02:51.719: ISAKMP (0:30): phase 1 SA policy not acceptable! (local 192.168.2.1 remote 192.168.3.1)
*Mar 1 03:02:51.719: ISAKMP (0:30): incrementing error counter on sa, attempt 1 of 5: construct_fail_ag_init
*Mar 1 03:02:51.719: ISAKMP (0:30): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 03:02:51.719: ISAKMP (0:30): Old State = IKE_R_MM1 New State = IKE_R_MM1
*Mar 1 03:02:51.719: ISAKMP (0:30): Input = IKE_MESG_INTERNAL, IKE_PROCESS_ERROR
*Mar 1 03:02:51.719: ISAKMP (0:30): Old State = IKE_R_MM1 New State = IKE_READY
*Mar 1 03:02:56.303: ISAKMP (0:23): purging SA., sa=810A3454, delme=810A3454
*Mar 1 03:02:56.303: ISAKMP (0:26): purging SA., sa=8109A240, delme=8109A240
*Mar 1 03:02:56.307: ISAKMP (0:25): purging SA., sa=81C92A90, delme=81C92A90
*Mar 1 03:02:56.307: ISAKMP (0:24): purging SA., sa=81C8E8E8, delme=81C8E8E8
*Mar 1 03:02:56.383: IPSEC(key_engine): request timer fired: count = 2,
  (identity) local= 192.168.2.1, remote= 192.168.3.1,
    local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 192.168.4.0/255.255.255.0/0/0 (type=4)
*Mar 1 03:02:56.383: ISAKMP: received ke message (3/1)
*Mar 1 03:02:56.383: ISAKMP (0:27): peer does not do paranoid keepalives.
*Mar 1 03:02:56.383: ISAKMP (0:27): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.383: ISAKMP (0:30): peer does not do paranoid keepalives.
*Mar 1 03:02:56.383: ISAKMP (0:30): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.387: ISAKMP (0:29): peer does not do paranoid keepalives.
*Mar 1 03:02:56.387: ISAKMP (0:29): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.387: ISAKMP (0:28): peer does not do paranoid keepalives.
*Mar 1 03:02:56.387: ISAKMP (0:28): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.387: ISAKMP (0:27): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.387: ISAKMP (0:27): deleting node 767704031 error TRUE reason "gen_ipsec_isakmp_delete but doi isakmp"
*Mar 1 03:02:56.387: ISAKMP (0:27): deleting node -1666348521 error TRUE reason "gen_ipsec_isakmp_delete but doi isakmp"
*Mar 1 03:02:56.391: ISAKMP (0:27): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:02:56.391: ISAKMP (0:27): Old State = IKE_I_MM1 New State = IKE_DEST_SA
*Mar 1 03:02:56.391: ISAKMP (0:30): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.391: ISAKMP: Unlocking IKE struct 0x810A78D8 for isadb_mark_sa_deleted(), count 2
*Mar 1 03:02:56.391: ISAKMP (0:30): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:02:56.391: ISAKMP (0:30): Old State = IKE_READY New State = IKE_DEST_SA
*Mar 1 03:02:56.391: ISAKMP (0:29): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.395: ISAKMP: Unlocking IKE struct 0x810A78D8 for isadb_mark_sa_deleted(), count 1
*Mar 1 03:02:56.395: ISAKMP (0:29): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:02:56.395: ISAKMP (0:29): Old State = IKE_READY New State = IKE_DEST_SA
*Mar 1 03:02:56.395: ISAKMP (0:28): deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (R) MM_NO_STATE (peer 192.168.3.1) input queue 0
*Mar 1 03:02:56.395: ISAKMP: Unlocking IKE struct 0x810A78D8 for isadb_mark_sa_deleted(), count 0
*Mar 1 03:02:56.395: ISAKMP: Deleting peer node by peer_reap for 192.168.3.1: 810A78D8
*Mar 1 03:02:56.395: ISAKMP (0:28): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 1 03:02:56.399: ISAKMP (0:28): Old State = IKE_READY New State = IKE_DEST_SA
*Mar 1 03:02:56.467: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 192.168.2.1, remote= 192.168.3.1,
    local_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 192.168.4.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
    lifedur= 28800s and 4608000kb,
    spi= 0xF8A89D4C(4171799884), conn_id= 0, keysize= 0, flags= 0x400B
*Mar 1 03:02:56.471: ISAKMP: received ke message (1/1)
*Mar 1 03:02:56.471: ISAKMP (0:0): SA request profile is (NULL)
*Mar 1 03:02:56.471: ISAKMP: local port 500, remote port 500
*Mar 1 03:02:56.471: ISAKMP: set new node 0 to QM_IDLE
*Mar 1 03:02:56.475: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8177A7B8
*Mar 1 03:02:56.475: ISAKMP (0:31): Can not start Aggressive mode, trying Main mode.
*Mar 1 03:02:56.475: ISAKMP: Looking for a matching key for 192.168.3.1 in default : success
*Mar 1 03:02:56.475: ISAKMP (0:31): found peer pre-shared key matching 192.168.3.1
*Mar 1 03:02:56.475: ISAKMP (0:31): constructed NAT-T vendor-07 ID
*Mar 1 03:02:56.475: ISAKMP (0:31): constructed NAT-T vendor-03 ID
*Mar 1 03:02:56.475: ISAKMP (0:31): constructed NAT-T vendor-02 ID
*Mar 1 03:02:56.475: ISAKMP (0:31): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Mar 1 03:02:56.475: ISAKMP (0:31): Old State = IKE_READY New State = IKE_I_MM1
*Mar 1 03:02:56.475: ISAKMP (0:31): beginning Main Mode exchange
*Mar 1 03:02:56.479: ISAKMP (0:31): sending packet to 192.168.3.1 my_port 500 peer_port 500 (I) MM_NO_STATE
*Mar 1 03:02:56.483: ISAKMP (0:30): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:02:56.483: ISAKMP (0:31): received packet from 192.168.3.1 dport 500 sport 500 Global (I) MM_NO_STATE
*Mar 1 03:02:56.487: ISAKMP (0:31): Notify has no hash. Rejected.
*Mar 1 03:02:56.487: ISAKMP (0:31): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1
*Mar 1 03:02:56.487: ISAKMP (0:31): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Mar 1 03:02:56.487: ISAKMP (0:31): Old State = IKE_I_MM1 New State = IKE_I_MM1
*Mar 1 03:02:56.487: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 192.168.3.1
*Mar 1 03:03:01.487: ISAKMP (0:30): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
*Mar 1 03:03:02.571: IPSEC(encapsulate): invalid conn id 0
*Mar 1 03:03:02.571: IPSEC(encapsulate): error in encapsulation crypto_ip_encrypt
*Mar 1 03:03:06.487: ISAKMP (0:30): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
FICC_Cisco#
*Mar 1 03:03:11.491: ISAKMP (0:30): received packet from 192.168.3.1 dport 500 sport 500 Global (R) MM_NO_STATE
FICC_Cisco#u all
All possible debugging has been turned off
FICC_Cisco#show config
Using 1069 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FICC_Cisco
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
username test privilege 15 password 0 cisco
!
!
!
!
crypto ipsec transform-set DES_MD5 esp-des esp-md5-hmac
!
!
interface Ethernet0
 description connection to HP router
 ip address 192.168.2.1 255.255.255.252
 half-duplex
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 192.168.3.0 255.255.255.252 Ethernet0
ip route 192.168.4.0 255.255.255.0 192.168.2.2
ip http server
ip http authentication local
no ip http secure-server
!
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
!
line con 0
 login local
line aux 0
line vty 0 4
 login local
!
end
FICC_Cisco# exit
FICC_Cisco con0 is now available
Press RETURN to get started.