Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSEC Remote ACCESS VPN (Using Certificates)????

Hello All,

           I am new to using Remote Access VPN with Certificates. Here is a Sh run and Debug.

!
interface Vlan1
nameif outside
security-level 0
ip address 192.168.2.25 255.255.255.0
!
interface Vlan2
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 2
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
boot system disk0:/asa822-k8.bin
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool IPSec_Pool 192.168.3.100-192.168.3.150 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.26 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment url http://192.168.2.75:80/certsrv/mscep/mscep.dll
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment url http://192.168.2.75:80/certsrv/mscep/mscep.dll
subject-name CN=ciscoasa
password *
keypair IPSec_Key
no client-types
crl configure
crypto ca trustpoint ASDM_TrustPoint2
enrollment url http://192.168.2.75:80/certsrv/mscep/mscep.dll
subject-name CN=ciscoasa
password *
no client-types
crl configure
crypto ca trustpoint ASDM_TrustPoint3
enrollment url http://192.168.2.75:80/certsrv/mscep/mscep.dll
subject-name CN=ciscoasa
password *
no client-types
crl configure
crypto ca trustpoint ASDM_TrustPoint4
enrollment url http://192.168.2.75:80/certsrv/mscep/mscep.dll
subject-name CN=ciscoasa
password *
keypair IPSec_Key
no client-types
crl configure
crypto ca certificate map IPSec_Map 10
subject-name attr sp eq ga
crypto ca certificate chain ASDM_TrustPoint0
certificate ca 65cc7b6fb68667b945bbc8023e7a7136
    30820442 3082032a a0030201 02021065 cc7b6fb6 8667b945 bbc8023e 7a713630
    0d06092a 864886f7 0d010105 0500303a 31153013 060a0992 268993f2 2c640119
    16054c4f 43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a
    06035504 03130349 4b45301e 170d3130 30373130 31373030 32315a17 0d313530
    37313031 37303935 375a303a 31153013 060a0992 268993f2 2c640119 16054c4f
    43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a 06035504
    03130349 4b453082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082
    010a0282 010100c3 2bbd1db4 27098f9c 3dd5c487 b1ce3c27 61db9704 9ba2a54a
    77eb9152 ef39547c ab2a2c39 071183aa d7760ef5 16950c2d 4048229c 5f94e96f
    2cf2fda7 4347d14a b1fa19d5 f86f8794 4ec34802 39e40fc6 9ddccdad 9dc808f7
    21cbec23 940bf0a7 2c844673 3256b2bc d5f5da6d 8ed27208 ce9bec98 c50c3ca9
    b3da3734 c1984cac c28dbea4 63f76258 3c2c864b 5eed6719 df5ee843 495e79f6
    0c12c59d 5098f264 656548a5 1876e1da faadff43 a35480c2 b79a8b9e 5ff5ed3a
    eb1925a0 3835ed06 7f600758 b7dc3a21 2051cc73 959cd1fa 89d2c683 9ae63acf
    192c94a6 c482bfca 673562a5 2c5bdc60 cf3dc13b f6d40c6f 9d56a99c 50d2d374
    6fb69251 006cd902 03010001 a3820142 3082013e 300b0603 551d0f04 04030201
    86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d 0e041604 14471755
    6d37660f 2fcfb878 3ed65942 63d3f638 243081ec 0603551d 1f0481e4 3081e130
    81dea081 dba081d8 8681a86c 6461703a 2f2f2f43 4e3d494b 452c434e 3d77732d
    32303033 2c434e3d 4344502c 434e3d50 75626c69 63253230 4b657925 32305365
    72766963 65732c43 4e3d5365 72766963 65732c43 4e3d436f 6e666967 75726174
    696f6e2c 44433d49 4b452c44 433d4c4f 43414c3f 63657274 69666963 61746552
    65766f63 6174696f 6e4c6973 743f6261 73653f6f 626a6563 74436c61 73733d63
    524c4469 73747269 62757469 6f6e506f 696e7486 2b687474 703a2f2f 77732d32
    3030332e 696b652e 6c6f6361 6c2f4365 7274456e 726f6c6c 2f494b45 2e63726c
    30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d 01010505
    00038201 01009b8a 2947ab8d b8c9f567 852d7cdc 423d2d78 b1de8147 07cc9c93
    f801309a d36d6637 1e85942b 8082720b d84bcf2c c7968e44 3eeff954 32dd7460
    7db068cb a7391876 04f2315e d988b525 22a648ed d8cdebea e115f189 7dee71ed
    f7735a88 3e551f93 dd63c433 fc68f8e8 14076b82 18741d25 fb2801b7 a46622a8
    c96edae3 666d645f b0030810 33ef374b 470beb6b b27f0b31 7aad21ea 203e3ce0
    a609ad82 1a786fe6 182fbb4a babd061d c9d42bfa 8a7bbce5 06088fd1 a558a245
    1ff928b6 757530d3 0574ebdf a270b8bb f576a516 e3692541 8a25ca48 1638a0af
    9ce3cdba 2d5b3372 01015fdb c90a1654 e6e84e78 b6bd0a03 7e879038 1c889bcb
    6528f3f0 35a5
  quit
crypto ca certificate chain ASDM_TrustPoint1
certificate ca 65cc7b6fb68667b945bbc8023e7a7136
    30820442 3082032a a0030201 02021065 cc7b6fb6 8667b945 bbc8023e 7a713630
    0d06092a 864886f7 0d010105 0500303a 31153013 060a0992 268993f2 2c640119
    16054c4f 43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a
    06035504 03130349 4b45301e 170d3130 30373130 31373030 32315a17 0d313530
    37313031 37303935 375a303a 31153013 060a0992 268993f2 2c640119 16054c4f
    43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a 06035504
    03130349 4b453082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082
    010a0282 010100c3 2bbd1db4 27098f9c 3dd5c487 b1ce3c27 61db9704 9ba2a54a
    77eb9152 ef39547c ab2a2c39 071183aa d7760ef5 16950c2d 4048229c 5f94e96f
    2cf2fda7 4347d14a b1fa19d5 f86f8794 4ec34802 39e40fc6 9ddccdad 9dc808f7
    21cbec23 940bf0a7 2c844673 3256b2bc d5f5da6d 8ed27208 ce9bec98 c50c3ca9
    b3da3734 c1984cac c28dbea4 63f76258 3c2c864b 5eed6719 df5ee843 495e79f6
    0c12c59d 5098f264 656548a5 1876e1da faadff43 a35480c2 b79a8b9e 5ff5ed3a
    eb1925a0 3835ed06 7f600758 b7dc3a21 2051cc73 959cd1fa 89d2c683 9ae63acf
    192c94a6 c482bfca 673562a5 2c5bdc60 cf3dc13b f6d40c6f 9d56a99c 50d2d374
    6fb69251 006cd902 03010001 a3820142 3082013e 300b0603 551d0f04 04030201
    86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d 0e041604 14471755
    6d37660f 2fcfb878 3ed65942 63d3f638 243081ec 0603551d 1f0481e4 3081e130
    81dea081 dba081d8 8681a86c 6461703a 2f2f2f43 4e3d494b 452c434e 3d77732d
    32303033 2c434e3d 4344502c 434e3d50 75626c69 63253230 4b657925 32305365
    72766963 65732c43 4e3d5365 72766963 65732c43 4e3d436f 6e666967 75726174
    696f6e2c 44433d49 4b452c44 433d4c4f 43414c3f 63657274 69666963 61746552
    65766f63 6174696f 6e4c6973 743f6261 73653f6f 626a6563 74436c61 73733d63
    524c4469 73747269 62757469 6f6e506f 696e7486 2b687474 703a2f2f 77732d32
    3030332e 696b652e 6c6f6361 6c2f4365 7274456e 726f6c6c 2f494b45 2e63726c
    30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d 01010505
    00038201 01009b8a 2947ab8d b8c9f567 852d7cdc 423d2d78 b1de8147 07cc9c93
    f801309a d36d6637 1e85942b 8082720b d84bcf2c c7968e44 3eeff954 32dd7460
    7db068cb a7391876 04f2315e d988b525 22a648ed d8cdebea e115f189 7dee71ed
    f7735a88 3e551f93 dd63c433 fc68f8e8 14076b82 18741d25 fb2801b7 a46622a8
    c96edae3 666d645f b0030810 33ef374b 470beb6b b27f0b31 7aad21ea 203e3ce0
    a609ad82 1a786fe6 182fbb4a babd061d c9d42bfa 8a7bbce5 06088fd1 a558a245
    1ff928b6 757530d3 0574ebdf a270b8bb f576a516 e3692541 8a25ca48 1638a0af
    9ce3cdba 2d5b3372 01015fdb c90a1654 e6e84e78 b6bd0a03 7e879038 1c889bcb
    6528f3f0 35a5
  quit
crypto ca certificate chain ASDM_TrustPoint2
certificate ca 65cc7b6fb68667b945bbc8023e7a7136
    30820442 3082032a a0030201 02021065 cc7b6fb6 8667b945 bbc8023e 7a713630
    0d06092a 864886f7 0d010105 0500303a 31153013 060a0992 268993f2 2c640119
    16054c4f 43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a
    06035504 03130349 4b45301e 170d3130 30373130 31373030 32315a17 0d313530
    37313031 37303935 375a303a 31153013 060a0992 268993f2 2c640119 16054c4f
    43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a 06035504
    03130349 4b453082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082
    010a0282 010100c3 2bbd1db4 27098f9c 3dd5c487 b1ce3c27 61db9704 9ba2a54a
    77eb9152 ef39547c ab2a2c39 071183aa d7760ef5 16950c2d 4048229c 5f94e96f
    2cf2fda7 4347d14a b1fa19d5 f86f8794 4ec34802 39e40fc6 9ddccdad 9dc808f7
    21cbec23 940bf0a7 2c844673 3256b2bc d5f5da6d 8ed27208 ce9bec98 c50c3ca9
    b3da3734 c1984cac c28dbea4 63f76258 3c2c864b 5eed6719 df5ee843 495e79f6
    0c12c59d 5098f264 656548a5 1876e1da faadff43 a35480c2 b79a8b9e 5ff5ed3a
    eb1925a0 3835ed06 7f600758 b7dc3a21 2051cc73 959cd1fa 89d2c683 9ae63acf
    192c94a6 c482bfca 673562a5 2c5bdc60 cf3dc13b f6d40c6f 9d56a99c 50d2d374
    6fb69251 006cd902 03010001 a3820142 3082013e 300b0603 551d0f04 04030201
    86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d 0e041604 14471755
    6d37660f 2fcfb878 3ed65942 63d3f638 243081ec 0603551d 1f0481e4 3081e130
    81dea081 dba081d8 8681a86c 6461703a 2f2f2f43 4e3d494b 452c434e 3d77732d
    32303033 2c434e3d 4344502c 434e3d50 75626c69 63253230 4b657925 32305365
    72766963 65732c43 4e3d5365 72766963 65732c43 4e3d436f 6e666967 75726174
    696f6e2c 44433d49 4b452c44 433d4c4f 43414c3f 63657274 69666963 61746552
    65766f63 6174696f 6e4c6973 743f6261 73653f6f 626a6563 74436c61 73733d63
    524c4469 73747269 62757469 6f6e506f 696e7486 2b687474 703a2f2f 77732d32
    3030332e 696b652e 6c6f6361 6c2f4365 7274456e 726f6c6c 2f494b45 2e63726c
    30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d 01010505
    00038201 01009b8a 2947ab8d b8c9f567 852d7cdc 423d2d78 b1de8147 07cc9c93
    f801309a d36d6637 1e85942b 8082720b d84bcf2c c7968e44 3eeff954 32dd7460
    7db068cb a7391876 04f2315e d988b525 22a648ed d8cdebea e115f189 7dee71ed
    f7735a88 3e551f93 dd63c433 fc68f8e8 14076b82 18741d25 fb2801b7 a46622a8
    c96edae3 666d645f b0030810 33ef374b 470beb6b b27f0b31 7aad21ea 203e3ce0
    a609ad82 1a786fe6 182fbb4a babd061d c9d42bfa 8a7bbce5 06088fd1 a558a245
    1ff928b6 757530d3 0574ebdf a270b8bb f576a516 e3692541 8a25ca48 1638a0af
    9ce3cdba 2d5b3372 01015fdb c90a1654 e6e84e78 b6bd0a03 7e879038 1c889bcb
    6528f3f0 35a5
  quit
crypto ca certificate chain ASDM_TrustPoint3
certificate ca 65cc7b6fb68667b945bbc8023e7a7136
    30820442 3082032a a0030201 02021065 cc7b6fb6 8667b945 bbc8023e 7a713630
    0d06092a 864886f7 0d010105 0500303a 31153013 060a0992 268993f2 2c640119
    16054c4f 43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a
    06035504 03130349 4b45301e 170d3130 30373130 31373030 32315a17 0d313530
    37313031 37303935 375a303a 31153013 060a0992 268993f2 2c640119 16054c4f
    43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a 06035504
    03130349 4b453082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082
    010a0282 010100c3 2bbd1db4 27098f9c 3dd5c487 b1ce3c27 61db9704 9ba2a54a
    77eb9152 ef39547c ab2a2c39 071183aa d7760ef5 16950c2d 4048229c 5f94e96f
    2cf2fda7 4347d14a b1fa19d5 f86f8794 4ec34802 39e40fc6 9ddccdad 9dc808f7
    21cbec23 940bf0a7 2c844673 3256b2bc d5f5da6d 8ed27208 ce9bec98 c50c3ca9
    b3da3734 c1984cac c28dbea4 63f76258 3c2c864b 5eed6719 df5ee843 495e79f6
    0c12c59d 5098f264 656548a5 1876e1da faadff43 a35480c2 b79a8b9e 5ff5ed3a
    eb1925a0 3835ed06 7f600758 b7dc3a21 2051cc73 959cd1fa 89d2c683 9ae63acf
    192c94a6 c482bfca 673562a5 2c5bdc60 cf3dc13b f6d40c6f 9d56a99c 50d2d374
    6fb69251 006cd902 03010001 a3820142 3082013e 300b0603 551d0f04 04030201
    86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d 0e041604 14471755
    6d37660f 2fcfb878 3ed65942 63d3f638 243081ec 0603551d 1f0481e4 3081e130
    81dea081 dba081d8 8681a86c 6461703a 2f2f2f43 4e3d494b 452c434e 3d77732d
    32303033 2c434e3d 4344502c 434e3d50 75626c69 63253230 4b657925 32305365
    72766963 65732c43 4e3d5365 72766963 65732c43 4e3d436f 6e666967 75726174
    696f6e2c 44433d49 4b452c44 433d4c4f 43414c3f 63657274 69666963 61746552
    65766f63 6174696f 6e4c6973 743f6261 73653f6f 626a6563 74436c61 73733d63
    524c4469 73747269 62757469 6f6e506f 696e7486 2b687474 703a2f2f 77732d32
    3030332e 696b652e 6c6f6361 6c2f4365 7274456e 726f6c6c 2f494b45 2e63726c
    30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d 01010505
    00038201 01009b8a 2947ab8d b8c9f567 852d7cdc 423d2d78 b1de8147 07cc9c93
    f801309a d36d6637 1e85942b 8082720b d84bcf2c c7968e44 3eeff954 32dd7460
    7db068cb a7391876 04f2315e d988b525 22a648ed d8cdebea e115f189 7dee71ed
    f7735a88 3e551f93 dd63c433 fc68f8e8 14076b82 18741d25 fb2801b7 a46622a8
    c96edae3 666d645f b0030810 33ef374b 470beb6b b27f0b31 7aad21ea 203e3ce0
    a609ad82 1a786fe6 182fbb4a babd061d c9d42bfa 8a7bbce5 06088fd1 a558a245
    1ff928b6 757530d3 0574ebdf a270b8bb f576a516 e3692541 8a25ca48 1638a0af
    9ce3cdba 2d5b3372 01015fdb c90a1654 e6e84e78 b6bd0a03 7e879038 1c889bcb
    6528f3f0 35a5
  quit
crypto ca certificate chain ASDM_TrustPoint4
certificate 1366d818000000000008
    30820526 3082040e a0030201 02020a13 66d81800 00000000 08300d06 092a8648
    86f70d01 01050500 303a3115 3013060a 09922689 93f22c64 01191605 4c4f4341
    4c311330 11060a09 92268993 f22c6401 19160349 4b45310c 300a0603 55040313
    03494b45 301e170d 31303037 31313136 31373130 5a170d31 32303731 30313631
    3731305a 302e3119 30170609 2a864886 f70d0109 02130a53 65437552 6557614c
    6c311130 0f060355 04031308 63697363 6f617361 30819f30 0d06092a 864886f7
    0d010101 05000381 8d003081 89028181 00acfafa 6981c7dc c955b496 9a85585a
    c491c877 f3d53123 a6a84e90 cac91f7b 1643c503 87aa9ed1 0abc7d23 9460de7f
    906c9720 8f27fc38 d5e5f790 a3641164 fa2060d4 afa6cb4b 8ffa16e9 6d60bffc
    c4b7477b 1ba352e6 411331e8 803a0472 f4cc7fa5 81a3dcf4 daedcceb e9c79f85
    f25dc2e3 293fb5cf 7d89e874 4f7d4ad1 c5020301 0001a382 02bc3082 02b8300b
    0603551d 0f040403 0205a030 15060355 1d11040e 300c820a 53654375 52655761
    4c6c301d 0603551d 0e041604 1411e518 38a0ca4c 7bf9bbb1 9a279027 ce1f6b62
    1a301f06 03551d23 04183016 80144717 556d3766 0f2fcfb8 783ed659 4263d3f6
    38243081 ec060355 1d1f0481 e43081e1 3081dea0 81dba081 d88681a8 6c646170
    3a2f2f2f 434e3d49 4b452c43 4e3d7773 2d323030 332c434e 3d434450 2c434e3d
    5075626c 69632532 304b6579 25323053 65727669 6365732c 434e3d53 65727669
    6365732c 434e3d43 6f6e6669 67757261 74696f6e 2c44433d 494b452c 44433d4c
    4f43414c 3f636572 74696669 63617465 5265766f 63617469 6f6e4c69 73743f62
    6173653f 6f626a65 6374436c 6173733d 63524c44 69737472 69627574 696f6e50
    6f696e74 862b6874 74703a2f 2f77732d 32303033 2e696b65 2e6c6f63 616c2f43
    65727445 6e726f6c 6c2f494b 452e6372 6c3081fe 06082b06 01050507 01010481
    f13081ee 3081a006 082b0601 05050730 02868193 6c646170 3a2f2f2f 434e3d49
    4b452c43 4e3d4149 412c434e 3d507562 6c696325 32304b65 79253230 53657276
    69636573 2c434e3d 53657276 69636573 2c434e3d 436f6e66 69677572 6174696f
    6e2c4443 3d494b45 2c44433d 4c4f4341 4c3f6341 43657274 69666963 6174653f
    62617365 3f6f626a 65637443 6c617373 3d636572 74696669 63617469 6f6e4175
    74686f72 69747930 4906082b 06010505 07300286 3d687474 703a2f2f 77732d32
    3030332e 696b652e 6c6f6361 6c2f4365 7274456e 726f6c6c 2f77732d 32303033
    2e494b45 2e4c4f43 414c5f49 4b452e63 7274303f 06092b06 01040182 37140204
    321e3000 49005000 53004500 43004900 6e007400 65007200 6d006500 64006900
    61007400 65004f00 66006600 6c006900 6e006530 0c060355 1d130101 ff040230
    00301306 03551d25 040c300a 06082b06 01050508 0202300d 06092a86 4886f70d
    01010505 00038201 0100af17 3ad503de 44c671a3 2c77ce73 566ab61d a628c628
    50a92997 6cef3d4e 80b5f6ec 6319c21c d3cd56b3 2a407c56 dba33f3e fefdc67b
    f05dcb3a 541f27c1 01056849 1117b8da 1dfbf429 67c4d282 817e9c75 79795d5f
    7dd6d3fc 03f71642 fa34fca4 54048f6f 3d296d33 087897a1 6c1e6568 a84e518e
    c331928f 17a531b9 ef5760ec 229ef956 51a8dd41 99ae7659 f9a8010e f0f5baf3
    6fa27e29 055642a6 66e2e28b 1f63e3b3 fd9fdbbc 4b90dde7 f6a72b96 8613f358
    fe5e339b 72ca92c5 43cd934c b92aa646 7870b141 d51c1eb8 3449ba33 350f2f5d
    09996da3 abd1d65d 8ab866d5 67d1e360 1e4337a6 bf0cdba1 2aceb9fe 082634a7
    962a5855 e795070d d2b7
  quit
certificate ca 65cc7b6fb68667b945bbc8023e7a7136
    30820442 3082032a a0030201 02021065 cc7b6fb6 8667b945 bbc8023e 7a713630
    0d06092a 864886f7 0d010105 0500303a 31153013 060a0992 268993f2 2c640119
    16054c4f 43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a
    06035504 03130349 4b45301e 170d3130 30373130 31373030 32315a17 0d313530
    37313031 37303935 375a303a 31153013 060a0992 268993f2 2c640119 16054c4f
    43414c31 13301106 0a099226 8993f22c 64011916 03494b45 310c300a 06035504
    03130349 4b453082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082
    010a0282 010100c3 2bbd1db4 27098f9c 3dd5c487 b1ce3c27 61db9704 9ba2a54a
    77eb9152 ef39547c ab2a2c39 071183aa d7760ef5 16950c2d 4048229c 5f94e96f
    2cf2fda7 4347d14a b1fa19d5 f86f8794 4ec34802 39e40fc6 9ddccdad 9dc808f7
    21cbec23 940bf0a7 2c844673 3256b2bc d5f5da6d 8ed27208 ce9bec98 c50c3ca9
    b3da3734 c1984cac c28dbea4 63f76258 3c2c864b 5eed6719 df5ee843 495e79f6
    0c12c59d 5098f264 656548a5 1876e1da faadff43 a35480c2 b79a8b9e 5ff5ed3a
    eb1925a0 3835ed06 7f600758 b7dc3a21 2051cc73 959cd1fa 89d2c683 9ae63acf
    192c94a6 c482bfca 673562a5 2c5bdc60 cf3dc13b f6d40c6f 9d56a99c 50d2d374
    6fb69251 006cd902 03010001 a3820142 3082013e 300b0603 551d0f04 04030201
    86300f06 03551d13 0101ff04 05300301 01ff301d 0603551d 0e041604 14471755
    6d37660f 2fcfb878 3ed65942 63d3f638 243081ec 0603551d 1f0481e4 3081e130
    81dea081 dba081d8 8681a86c 6461703a 2f2f2f43 4e3d494b 452c434e 3d77732d
    32303033 2c434e3d 4344502c 434e3d50 75626c69 63253230 4b657925 32305365
    72766963 65732c43 4e3d5365 72766963 65732c43 4e3d436f 6e666967 75726174
    696f6e2c 44433d49 4b452c44 433d4c4f 43414c3f 63657274 69666963 61746552
    65766f63 6174696f 6e4c6973 743f6261 73653f6f 626a6563 74436c61 73733d63
    524c4469 73747269 62757469 6f6e506f 696e7486 2b687474 703a2f2f 77732d32
    3030332e 696b652e 6c6f6361 6c2f4365 7274456e 726f6c6c 2f494b45 2e63726c
    30100609 2b060104 01823715 01040302 0100300d 06092a86 4886f70d 01010505
    00038201 01009b8a 2947ab8d b8c9f567 852d7cdc 423d2d78 b1de8147 07cc9c93
    f801309a d36d6637 1e85942b 8082720b d84bcf2c c7968e44 3eeff954 32dd7460
    7db068cb a7391876 04f2315e d988b525 22a648ed d8cdebea e115f189 7dee71ed
    f7735a88 3e551f93 dd63c433 fc68f8e8 14076b82 18741d25 fb2801b7 a46622a8
    c96edae3 666d645f b0030810 33ef374b 470beb6b b27f0b31 7aad21ea 203e3ce0
    a609ad82 1a786fe6 182fbb4a babd061d c9d42bfa 8a7bbce5 06088fd1 a558a245
    1ff928b6 757530d3 0574ebdf a270b8bb f576a516 e3692541 8a25ca48 1638a0af
    9ce3cdba 2d5b3372 01015fdb c90a1654 e6e84e78 b6bd0a03 7e879038 1c889bcb
    6528f3f0 35a5
  quit
crypto isakmp enable outside
crypto isakmp policy 1
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 5
authentication pre-share
encryption aes-256
hash md5
group 5
lifetime 86400
telnet timeout 5
ssh 192.168.2.26 255.255.255.255 outside
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy IPSecPolicy internal
group-policy IPSecPolicy attributes
banner value Be Careful you might get killed.
vpn-tunnel-protocol IPSec
address-pools value IPSec_Pool
username ike931 password Zf.vD9EVqNx1RBn1 encrypted privilege 15
username admin password f3UhLvUj1QsXsuK7 encrypted privilege 15
username memory password NCOwt6Y1yyHWkTXh encrypted privilege 15
tunnel-group IPSEC_TUNNELGROUP type remote-access
tunnel-group IPSEC_TUNNELGROUP general-attributes
address-pool IPSec_Pool
default-group-policy IPSecPolicy
tunnel-group IPSEC_TUNNELGROUP ipsec-attributes
trust-point ASDM_TrustPoint4
tunnel-group-map enable rules
tunnel-group-map IPSec_Map 10 IPSEC_TUNNELGROUP
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d55621009634c7a0133021b5b63ef071
: end

Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, IKE_DECODE RECEI                                             VED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) +                                              VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 1144
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing SA payload
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Oakley proposal is acceptable
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Received xauth V6 VID
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Received DPD VID
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Received Fragmentation VID
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, IKE Peer included IKE fragment                                             ation capability flags:  Main Mode:        True  Aggressive Mode:  False
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Received NAT-Traversal ver 02                                              VID
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Received Cisco Unity client VI                                             D
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing IKE SA payload
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 2  Cfg'd: Group 5
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1]: Phase 1 failure:  Mismatched attribute types for class                                              Group Description:  Rcv'd: Group 5  Cfg'd: Group 2
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, IKE SA Proposal # 1, Transform                                              # 13 acceptable  Matches global IKE entry # 1
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing ISAKMP SA payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing NAT-Traversal VID                                              ver 02 payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing Fragmentation VID                                              + extended capabilities payload
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, IKE_DECODE SENDING Message (msgid=0)                                              with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total lengt                                             h : 132
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, IKE_DECODE RECEIVED Message (msgid=0                                             ) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (130) + NAT-D (130) + VENDOR                                              (13) + VENDOR (13) + NONE (0) total length : 272
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing ke payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing ISA_KE payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing nonce payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing NAT-Discovery paylo                                             ad
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, computing NAT Discovery hash
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing NAT-Discovery paylo                                             ad
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, computing NAT Discovery hash
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Processing IOS/PIX Vendor ID p                                             ayload (version: 1.0.0, capabilities: 00000408)
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Received Cisco Unity client VI                                             D
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing ke payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing nonce payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing certreq payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing Cisco Unity VID p                                             ayload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing xauth V6 VID payl                                             oad
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Send IOS VID
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Constructing ASA spoofing IOS                                              Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing VID payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Send Altiga/Cisco VPN3000/Cisc                                             o ASA GW VID
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing NAT-Discovery pay                                             load
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, computing NAT Discovery hash
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, constructing NAT-Discovery pay                                             load
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, computing NAT Discovery hash
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Generating keys for Responder.                                             ..
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, IKE_DECODE SENDING Message (msgid=0)                                              with payloads : HDR + KE (4) + NONCE (10) + CERT_REQ (7) + VENDOR (13) + VENDOR                                              (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total l                                             ength : 369
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Rcv'd fragment from a new frag                                             mentation set. Deleting any old fragments.
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Successfully assembled an encr                                             ypted pkt from rcv'd fragments!
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, IKE_DECODE RECEIVED Message (msgid=0                                             ) with payloads : HDR + ID (5) + CERT (6) + CERT_REQ (7) + SIG (9) + NOTIFY (11)                                              + NONE (0) total length : 1945
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing ID payload
Jul 11 17:02:08 [IKEv1 DECODE]: IP = 192.168.2.26, DER_ASN1_DN ID received, len                                              101
0000: 3063310B 30090603 55040613 02555331     0c1.0...U....US1
0010: 0B300906 03550408 13024741 31153013     .0...U....GA1.0.
0020: 06035504 07130C44 6F75676C 61737669     ..U....Douglasvi
0030: 6C6C6531 0C300A06 0355040A 1303494B     lle1.0...U....IK
0040: 45310D30 0B060355 040B1304 492E542E     E1.0...U....I.T.
0050: 31133011 06035504 03130A49 4B452054     1.0...U....IKE T
0060: 55524E45 52                             URNER


Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing cert payload
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing cert request payloa                                             d
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing RSA signature
Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, Computing hash for ISAKMP
Jul 11 17:02:08 [IKEv1 DECODE]: Dump of received Signature, len 256:
0000: 71F979B7 CEB288C5 0AF85D52 BF98A785     q.y.......]R....
0010: C9E9308D 2AE078BE 9FFC614F A2C0E0F6     ..0.*.x...aO....
0020: 7B7094E4 39C14A9C 84C1B20C B1614BF8     {p..9.J......aK.
0030: FC86DE7A DFB73E1E A6845B0A 4A59DFE9     ...z..>...[.JY..
0040: D594F2A1 A9FAA6DE 15194D25 FC5815B3     ..........M%.X..
0050: 05F76563 DF0ABA71 B695449A 5E13AD74     ..ec...q..D.^..t
0060: DBB7A232 E6CEBE65 F4D80AE8 AF4F12D5     ...2...e.....O..
0070: 6587176D DD9A97FF 98827319 799A538D     e..m......s.y.S.
0080: EB97E586 9FB43AFD 1B67A47F 26526B00     ......:..g..&Rk.
0090: 70108CE6 18CE1BAB BA507F53 CB83F91A     p........P.S....
00A0: 32DC4F03 568C854A 1805574B DF0CC098     2.O.V..J..WK....
00B0: B4674A8C C1CFB49B FEA68B1F 1BD45138     .gJ...........Q8
00C0: BD8FBBF2 47209473                       ....G .s


Jul 11 17:02:08 [IKEv1 DEBUG]: IP = 192.168.2.26, processing notify payload
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, Automatic NAT Detection Status:                                                  Remote end is NOT behind a NAT device     This   end is NOT behind a NAT device
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, Trying to find group via cert rules.                                             ..
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, Connection landed on tunnel_group IP                                             SEC_TUNNELGROUP
Jul 11 17:02:08 [IKEv1]: Group = IPSEC_TUNNELGROUP, IP = 192.168.2.26, Certifica                                             te Validation Failed
Jul 11 17:02:08 [IKEv1 DEBUG]: Group = IPSEC_TUNNELGROUP, IP = 192.168.2.26, IKE                                              MM Responder FSM error history (struct &0xd7de5f40)  <state>, <event>:  MM_DONE                                             , EV_ERROR-->MM_BLD_MSG6, EV_CERT_FAIL-->MM_BLD_MSG6, NullEvent-->MM_BLD_MSG6, E                                             V_ACTIVATE_NEW_SA-->MM_BLD_MSG6, NullEvent-->MM_BLD_MSG6, EV_VALIDATE_CERT-->MM_                                             BLD_MSG6, EV_UPDATE_CERT-->MM_BLD_MSG6, EV_TEST_CERT
Jul 11 17:02:08 [IKEv1 DEBUG]: Group = IPSEC_TUNNELGROUP, IP = 192.168.2.26, IKE                                              SA MM:084531c0 terminating:  flags 0x0105c002, refcnt 0, tuncnt 0
Jul 11 17:02:08 [IKEv1 DEBUG]: Group = IPSEC_TUNNELGROUP, IP = 192.168.2.26, sen                                             ding delete/delete with reason message
Jul 11 17:02:08 [IKEv1 DEBUG]: Group = IPSEC_TUNNELGROUP, IP = 192.168.2.26, con                                             structing blank hash payload
Jul 11 17:02:08 [IKEv1 DEBUG]: Group = IPSEC_TUNNELGROUP, IP = 192.168.2.26, con                                             structing IKE delete payload
Jul 11 17:02:08 [IKEv1 DEBUG]: Group = IPSEC_TUNNELGROUP, IP = 192.168.2.26, con                                             structing qm hash payload
Jul 11 17:02:08 [IKEv1]: IP = 192.168.2.26, IKE_DECODE SENDING Message (msgid=9b                                             8a4675) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 8                                             0
Jul 11 17:02:14 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:14 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:14 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:14 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:14 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:14 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:14 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:14 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:19 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:19 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:19 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:19 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:19 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:19 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:19 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:19 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:24 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:24 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:24 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:24 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:24 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:24 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:24 [IKEv1]: IP = 192.168.2.26, Header invalid, missing SA payload!                                              (next payload = 132)
Jul 11 17:02:24 [IKEv1]: IKE_DECODE SENDING Message (msgid=0) with payloads : HD                                             R + NOTIFY (11) + NONE (0) total length : 68
Jul 11 17:02:29 [IKEv1]: IP = 192.168.2.26, Received encrypted packet with no ma                                             tching SA, dropping

385
Views
0
Helpful
0
Replies
CreatePlease to create content