12-03-2011 12:39 AM
Hi dear.I configurated ipsec at ASA 5510. then i need l2tp over ipsec configuration.my ipsec vpn is work there is no problem, but i also want to work l2tp over ipsec. my vpn configuration is done at ASA but nat translation is done at router. asa and router connect each other.
this is router nat translation.
interface GigabitEthernet0/1
description connect to ASA outside
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby delay minimum 20 reload 20
standby 10 ip 10.0.0.4
standby 10 priority 110
standby 10 preempt delay minimum 20 reload 20 sync 10
standby 10 name Redundancy
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat Stateful id 1
redundancy Redundancy
mapping-id 1
protocol udp
ip nat inside source static udp 10.0.0.2 500 188.x.x.6 500 redundancy Redundancy mapping-id 1 extendable
ip nat inside source static udp 10.0.0.2 1701 188.x.x.6 1701 redundancy Redundancy mapping-id 1 extendable
ip nat inside source static udp 10.0.0.2 4500 188.x.x.6 4500 redundancy Redundancy mapping-id 1 extendable
And this my ASAconfiguration only part of vpn configuration.
as you see i also do ipsec vpn configuration but now i only need l2tp over ipsec vpn not ipsec vpn.
interface Ethernet0/0
description connect to RTR1 inside
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0 standby 10.0.0.3
!
access-list Split_Tunnel standard permit 172.16.10.0 255.255.255.0
access-list Split_Tunnel standard permit 172.30.30.0 255.255.255.0
access-list Split_Tunnel standard permit 192.168.193.0 255.255.255.0
access-list Split_Tunnel standard permit 10.10.1.0 255.255.255.0
access-list Split_Tunnel standard permit 192.168.200.0 255.255.255.0
access-list Split_Tunnel standard permit 172.30.60.0 255.255.255.0
access-list nonat_inside extended permit ip 192.168.193.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list nonat_inside extended permit ip 192.168.200.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list nonat_inside extended permit ip 172.30.60.0 255.255.255.0 192.168.0.0 255.255.255.0
aaa-server cosmoasa1 protocol radius
aaa-server cosmoasa1 (inside) host 192.x.x.11
key xxxxx
radius-common-pw cosmoasa1test
crypto ipsec transform-set RA-TS esp-3des esp-sha-hmac (ipsec- i do not need)
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYN_MAP 10 set transform-set RA-TS (ipsec_
crypto dynamic-map DYN_MAP 10 set reverse-route
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set TRANS_ESP_3DES_SHA ESP-AES-128-SHA ESP-3DES-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-DES-SHA
crypto map VPN_MAP 30 ipsec-isakmp dynamic DYN_MAP (ipsec)
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 3600
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.x.x 192.x.x.x
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value xxxxxxxxxxxxxxx
tunnel-group DefaultRAGroup general-attributes
address-pool VPNPOOL
authentication-server-group cosmoasa1
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
i want to connect windows 7 and the result is that i show at asa(debug crypto isakmp 7): but i do not tried to connect window xp pc now. i need connect window 7 vista and xp.
what is the problem? the problem is asa behind the nat translation device? the problem is the ipsec and l2tp over ipsec is same asa bur i do not use ipsec vpn. or the problem is transformer -set??
please help mee
Dec 03 01:04:07 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Deleting SA: Remote Proxy 109.205.214.223, Local Proxy 10.0.0.2
Dec 03 01:04:07 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x37be47f0
Dec 03 01:04:07 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x6baec590
Dec 03 01:04:15 [IKEv1]: IP = 109.205.214.223, IKE_DECODE RECEIVED Message (msgid=5) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing hash payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing SA payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing nonce payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing ID payload
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Received remote Proxy Host data in ID Payload: Address 109.205.214.223, Protocol 17, Port 0
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing ID payload
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Received local Proxy Host data in ID Payload: Address 10.0.0.2, Protocol 17, Port 1701
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, L2TP/IPSec session detected.
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing NAT-Original-Address payload
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Static Crypto Map check, checking map = outside_map, seq = 20...
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Static Crypto Map check, map = outside_map, seq = 20, no ACL configured
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Remote Peer configured for crypto map: SYSTEM_DEFAULT_CRYPTO_MAP
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing IPSec SA payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IPSec SA Proposal # 2, Transform # 1 acceptable Matches global IPSec SA entry # 65535
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE: requesting SPI!
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Active unit process rekey delete event for remote peer 109.205.214.223.
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE got SPI from key engine: SPI = 0x4ab19ce7
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, oakley constucting quick mode
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing blank hash payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing IPSec SA payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing IPSec nonce payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing proxy ID
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Transmitting Proxy Id:
Remote host: 109.205.214.223 Protocol 17 Port 0
Local host: 10.0.0.2 Protocol 17 Port 1701
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing NAT-Original-Address payload
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, NAT-Traversal sending NAT-Original-Address payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing qm hash payload
Dec 03 01:04:15 [IKEv1]: IP = 109.205.214.223, IKE_DECODE SENDING Message (msgid=5) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 172
Dec 03 01:04:15 [IKEv1]: IP = 109.205.214.223, IKE_DECODE RECEIVED Message (msgid=5) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing hash payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, loading all IPSEC SAs
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Generating Quick Mode Key!
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, NP encrypt rule look up for crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 matching ACL Unknown: returned cs_id=ac16f098; rule=00000000
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Generating Quick Mode Key!
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, NP encrypt rule look up for crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 matching ACL Unknown: returned cs_id=ac16f098; rule=00000000
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Security negotiation complete for User () Responder, Inbound SPI = 0x4ab19ce7, Outbound SPI = 0x7ef76983
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE got a KEY_ADD msg for SA: SPI = 0x7ef76983
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Pitcher: received KEY_UPDATE, spi 0x4ab19ce7
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Starting P2 rekey timer: 3060 seconds.
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, PHASE 2 COMPLETED (msgid=00000005)
Dec 03 01:04:15 [IKEv1]: IKEQM_Active() Add L2TP classification rules: ip <109.205.214.223> mask <0xFFFFFFFF> port <10201>
Dec 03 01:04:15 [IKEv1]: IP = 109.205.214.223, IKE_DECODE RECEIVED Message (msgid=418f1f1a) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing hash payload
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing delete
Dec 03 01:04:15 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Received delete for rekeyed centry IKE peer: 109.205.214.223, centry addr: abcb3100, msgid: 0x00000004
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Active unit receives a delete event for remote peer 109.205.214.223.
Dec 03 01:04:15 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Deleting SA: Remote Proxy 109.205.214.223, Local Proxy 10.0.0.2
Dec 03 01:04:15 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc2caff6f
Dec 03 01:04:15 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x8823e801
Dec 03 01:04:25 [IKEv1]: IP = 109.205.214.223, IKE_DECODE RECEIVED Message (msgid=6) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 312
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing hash payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing SA payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing nonce payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing ID payload
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Received remote Proxy Host data in ID Payload: Address 109.205.214.223, Protocol 17, Port 0
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing ID payload
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Received local Proxy Host data in ID Payload: Address 10.0.0.2, Protocol 17, Port 1701
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, L2TP/IPSec session detected.
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing NAT-Original-Address payload
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Static Crypto Map check, checking map = outside_map, seq = 20...
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Static Crypto Map check, map = outside_map, seq = 20, no ACL configured
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Remote Peer configured for crypto map: SYSTEM_DEFAULT_CRYPTO_MAP
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing IPSec SA payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IPSec SA Proposal # 2, Transform # 1 acceptable Matches global IPSec SA entry # 65535
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE: requesting SPI!
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Active unit process rekey delete event for remote peer 109.205.214.223.
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE got SPI from key engine: SPI = 0x124151e1
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, oakley constucting quick mode
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing blank hash payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing IPSec SA payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing IPSec nonce payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing proxy ID
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Transmitting Proxy Id:
Remote host: 109.205.214.223 Protocol 17 Port 0
Local host: 10.0.0.2 Protocol 17 Port 1701
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing NAT-Original-Address payload
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, NAT-Traversal sending NAT-Original-Address payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing qm hash payload
Dec 03 01:04:25 [IKEv1]: IP = 109.205.214.223, IKE_DECODE SENDING Message (msgid=6) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NAT-OA (131) + NONE (0) total length : 172
Dec 03 01:04:25 [IKEv1]: IP = 109.205.214.223, IKE_DECODE RECEIVED Message (msgid=6) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing hash payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, loading all IPSEC SAs
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Generating Quick Mode Key!
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, NP encrypt rule look up for crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 matching ACL Unknown: returned cs_id=ac16f098; rule=00000000
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Generating Quick Mode Key!
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, NP encrypt rule look up for crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 matching ACL Unknown: returned cs_id=ac16f098; rule=00000000
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Security negotiation complete for User () Responder, Inbound SPI = 0x124151e1, Outbound SPI = 0xb748d8c0
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE got a KEY_ADD msg for SA: SPI = 0xb748d8c0
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Pitcher: received KEY_UPDATE, spi 0x124151e1
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Starting P2 rekey timer: 3060 seconds.
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, PHASE 2 COMPLETED (msgid=00000006)
Dec 03 01:04:25 [IKEv1]: IKEQM_Active() Add L2TP classification rules: ip <109.205.214.223> mask <0xFFFFFFFF> port <10201>
Dec 03 01:04:25 [IKEv1]: IP = 109.205.214.223, IKE_DECODE RECEIVED Message (msgid=19fc11fc) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing hash payload
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing delete
Dec 03 01:04:25 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Received delete for rekeyed centry IKE peer: 109.205.214.223, centry addr: abfae818, msgid: 0x00000005
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Active unit receives a delete event for remote peer 109.205.214.223.
Dec 03 01:04:25 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Deleting SA: Remote Proxy 109.205.214.223, Local Proxy 10.0.0.2
Dec 03 01:04:25 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x4ab19ce7
Dec 03 01:04:25 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x7ef76983
Dec 03 01:04:35 [IKEv1]: IP = 109.205.214.223, IKE_DECODE RECEIVED Message (msgid=c5b62afa) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing hash payload
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, processing delete
Dec 03 01:04:35 [IKEv1]: Group = DefaultRAGroup, IP = 109.205.214.223, Connection terminated for peer . Reason: Peer Terminate Remote Proxy 109.205.214.223, Local Proxy 10.0.0.2
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, Active unit receives a delete event for remote peer 109.205.214.223.
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE Deleting SA: Remote Proxy 109.205.214.223, Local Proxy 10.0.0.2
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE SA MM:f6e73254 rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, IKE SA MM:f6e73254 terminating: flags 0x01000002, refcnt 0, tuncnt 0
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, sending delete/delete with reason message
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing blank hash payload
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing IKE delete payload
Dec 03 01:04:35 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 109.205.214.223, constructing qm hash payload
Dec 03 01:04:35 [IKEv1]: IP = 109.205.214.223, IKE_DECODE SENDING Message (msgid=7c1827ef) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Dec 03 01:04:35 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x124151e1
Dec 03 01:04:35 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x124151e1
Dec 03 01:04:35 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xb748d8c0
Dec 03 01:04:35 [IKEv1]: Ignoring msg to mark SA with dsID 1298432 dead because SA deleted
Dec 03 01:04:35 [IKEv1]: IP = 109.205.214.223, Received encrypted packet with no matching SA, dropping
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide