HQ#
*Mar 1 01:45:36.431:
ISAKMP: received ke message (1/1)
*Mar 1 01:45:36.435: ISAKMP:(0:0:N/A:0): SA
request profile is (NULL)
>> "Requesting profile"
*Mar 1 01:45:36.439: ISAKMP: Created a peer struct
for 200.200.1.2, peer port 500
>> creating new peer, ISAKMP port 500
*Mar 1 01:45:36.439:
ISAKMP: New peer created peer = 0x64946CF0 peer_handle = 0x80000002
*Mar 1 01:45:36.443:
ISAKMP: Locking peer struct 0x64946CF0, IKE refcount 1 for isakmp_initiator
*Mar 1 01:45:36.447:
ISAKMP: local port 500, remote port 500
*Mar 1 01:45:36.447:
ISAKMP: set new node 0 to QM_IDLE
*Mar 1 01:45:36.451:
insert sa successfully sa = 655EB81C
*Mar 1 01:45:36.455:
ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Mar 1 01:45:36.455:
ISAKMP:(0:0:N/A:0):Looking for a matching key for 200.200.1.2 in default
*Mar 1 01:45:36.459:
ISAKMP:(0:0:N/A:0): : success
*Mar 1 01:45:36.459:
ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 200.200.1.2
*Mar 1 01:45:36.467: ISAKMP:(0:0:N/A:0):
constructed NAT-T vendor-07 ID
>> creating NAT Transparence tunnel
*Mar
HQ# 1 01:45:36.467: ISAKMP:(0:0:N/A:0): constructed NAT-T
vendor-03 ID
*Mar 1 01:45:36.471:
ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Mar 1 01:45:36.471:
ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Mar 1 01:45:36.475: ISAKMP:(0:0:N/A:0):Old State
= IKE_READY New State = IKE_I_MM1 >> IKE phase is
ready (Sending packet no 1)
*Mar 1 01:45:36.479:
ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Mar 1 01:45:36.483: ISAKMP:(0:0:N/A:0): sending
packet to 200.200.1.2 my_port 500 peer_port 500 (I) MM_NO_STATE >> sending
packet
*Mar 1 01:45:36.715: ISAKMP (0:0): received packet
from 200.200.1.2 dport 500 sport 500 Global (I) MM_NO_STATE >> Receiving
Packet
*Mar 1 01:45:36.731:
ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 01:45:36.735: ISAKMP:(0:0:N/A:0):Old State
= IKE_I_MM1 New State = IKE_I_MM2 >> Move into IKE phase 1 to IKE Phase 2 (Still in IKE
Phase 1 and packet no 2)
*Mar
HQ# 1 01:45:36.743: ISAKMP:(0:0:N/A:0): processing SA
payload. message ID = 0
*Mar 1 01:45:36.747:
ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar 1 01:45:36.747:
ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245 mismatch
*Mar 1 01:45:36.751:
ISAKMP (0:0): vendor ID is NAT-T v7
*Mar 1 01:45:36.755: ISAKMP:(0:0:N/A:0):Looking
for a matching key for 200.200.1.2 in default >> Try to
Matching Pre-shared key of remote
*Mar 1 01:45:36.755:
ISAKMP:(0:0:N/A:0): : success
*Mar 1 01:45:36.759: ISAKMP:(0:0:N/A:0):found peer
pre-shared key matching 200.200.1.2
>> Found Pre-Shared Key of Remote
*Mar 1 01:45:36.759: ISAKMP:(0:0:N/A:0): local
preshared key found >> matching with own
Pre-shared key, success
*Mar 1 01:45:36.767:
ISAKMP : Scanning profiles for xauth ...
*Mar 1 01:45:36.767: ISAKMP:(0:0:N/A:0):Checking
ISAKMP transform 1 against priority 10 policy
>> sending priority 10 policy and
checking policy
*Mar 1 01:45:36.771: ISAKMP: encryption AES-CBC
*Mar 1 01:45:36.775: ISAKMP: keylength of 128
*Mar 1 01:45:36.779: ISAKMP: hash SHA
*Mar 1 01:45:36.779: ISAKMP: default group 2
*Mar 1 01:45:36.787: ISAKMP: auth pre-share
*Mar 1 01:45:36.787: ISAKMP: life type in seconds
*Mar 1 01:45:36.787: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Mar 1 01:45:36.803: ISAKMP:(0:0:N/A:0):atts are
acceptable. Next payload is 0 >> attribute
are acceptable
*Mar 1 01:45:36.911:
ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar 1 01:45:36.915:
ISAKMP:(0:1:SW:1): vendor ID seems Unity/DPD but major 245 mismatch
*Mar 1 01:45:36.915:
ISAKMP (0:134217729): vendor ID is NAT-T v7
*Mar 1 01:45:36.915:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 01:45:36.915:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM2
New State = IKE_I_MM2
*Mar 1 01:45:36.919:
ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I)
MM_SA_SETUP
*Mar 1 01:45:36.923:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar 1 01:45:36.923:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM2
New State = IKE_I_MM3
*Mar 1 01:45:37.115:
ISAKMP (0:134217729): received packet from 200.200.1.2 dport 500 sport 500
Global (I) MM_SA_SETUP
*Mar 1 01:45:37.123:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 01:45:37.123:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM3
New State = IKE_I_MM4
*Mar 1 01:45:37.135:
ISAKMP:(0:1:SW:1): processing KE payload. message ID = 0
*Mar 1 01:45:37.239:
ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 0
*Mar 1 01:45:37.239:
ISAKMP:(0:0:N/A:0):Looking for a matching key for 200.200.1.2 in default
*Mar 1 01:45:37.243:
ISAKMP:(0:0:N/A:0): : success
*Mar 1 01:45:37.243:
ISAKMP:(0:1:SW:1):found peer pre-shared key matching 200.200.1.2
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1):SKEYID state generated
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1): vendor ID is Unity
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1): vendor ID is DPD
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1): speaking to another IOS box!
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 01:45:37.247:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM4
New State = IKE_I_MM4
*Mar 1 01:45:37.251:
ISAKMP:(0:1:SW:1):Send initial contact
*Mar 1 01:45:37.255:
ISAKMP:(0:1:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Mar 1 01:45:37.255:
ISAKMP (0:134217729): ID payload
next-payload :
8
type : 1
address : 100.100.1.2
protocol : 17
port : 500
length : 12
*Mar 1 01:45:37.255:
ISAKMP:(0:1:SW:1):Total payload length: 12
*Mar 1 01:45:37.263:
ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I)
MM_KEY_EXCH
*Mar 1 01:45:37.263:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar 1 01:45:37.267:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM4
New State = IKE_I_MM5
*Mar 1 01:45:37.395:
ISAKMP (0:134217729): received packet from 200.200.1.2 dport 500 sport 500
Global (I) MM_KEY_EXCH
*Mar 1 01:45:37.403:
ISAKMP:(0:1:SW:1): processing ID payload. message ID = 0
*Mar 1 01:45:37.407:
ISAKMP (0:134217729): ID payload
next-payload :
8
type : 1
address : 200.200.1.2
protocol : 17
port : 500
length : 12
*Mar 1 01:45:37.411:
ISAKMP:(0:1:SW:1):: peer matches *none* of the profiles
*Mar 1 01:45:37.415:
ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 0
*Mar 1 01:45:37.423:
ISAKMP:(0:1:SW:1):SA authentication status:
authenticated
*Mar 1 01:45:37.423:
ISAKMP:(0:1:SW:1):SA has been authenticated with 200.200.1.2
*Mar 1 01:45:37.427:
ISAKMP: Trying to insert a peer 100.100.1.2/200.200.1.2/500/, and inserted successfully 64946CF0.
*Mar 1 01:45:37.431:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 1 01:45:37.435:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM5
New State = IKE_I_MM6
*Mar 1 01:45:37.443:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar 1 01:45:37.447:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM6
New State = IKE_I_MM6
*Mar 1 01:45:37.459:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar 1 01:45:37.459:
ISAKMP:(0:1:SW:1):Old State = IKE_I_MM6
New State = IKE_P1_COMPLETE
*Mar 1 01:45:37.471:
ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of 1792755294
*Mar 1 01:45:37.487:
ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I)
QM_IDLE
*Mar 1 01:45:37.491:
ISAKMP:(0:1:SW:1):Node 1792755294, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Mar 1 01:45:37.491:
ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY
New State = IKE_QM_I_QM1
*Mar 1 01:45:37.495:
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Mar 1 01:45:37.499:
ISAKMP:(0:1:SW:1):Old State = IKE_P1_COMPLETE
New State = IKE_P1_COMPLETE
*Mar 1 01:45:37.687:
ISAKMP (0:134217729): received packet from 200.200.1.2 dport 500 sport 500
Global (I) QM_IDLE
*Mar 1 01:45:37.699:
ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 1792755294
*Mar 1 01:45:37.703:
ISAKMP:(0:1:SW:1): processing SA payload. message ID = 1792755294
*Mar 1 01:45:37.707:
ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
*Mar 1 01:45:37.707:
ISAKMP: transform 1, ESP_AES
*Mar 1 01:45:37.707:
ISAKMP: attributes in transform:
*Mar 1 01:45:37.711:
ISAKMP: encaps is 1 (Tunnel)
*Mar 1 01:45:37.711:
ISAKMP: SA life type in seconds
*Mar 1 01:45:37.715:
ISAKMP: SA life duration (basic) of
3600
*Mar 1 01:45:37.715:
ISAKMP: SA life type in kilobytes
*Mar 1 01:45:37.719:
ISAKMP: SA life duration (VPI)
of 0x0 0x46 0x50 0x0
*Mar 1 01:45:37.723:
ISAKMP: authenticator is HMAC-SHA
*Mar 1 01:45:37.723:
ISAKMP: key length is 128
*Mar 1 01:45:37.727:
ISAKMP:(0:1:SW:1):atts are acceptable.
*Mar 1 01:45:37.735:
ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 1792755294
*Mar 1 01:45:37.739:
ISAKMP:(0:1:SW:1): processing ID payload. message ID = 1792755294
*Mar 1 01:45:37.739:
ISAKMP:(0:1:SW:1): processing ID payload. message ID = 1792755294
*Mar 1 01:45:37.759:
ISAKMP: Locking peer struct 0x64946CF0, IPSEC refcount 1 for for stuff_ke
*Mar 1 01:45:37.763:
ISAKMP:(0:1:SW:1): Creating IPSec SAs
*Mar 1
01:45:37.767: inbound SA from
200.200.1.2 to 100.100.1.2 (f/i) 0/ 0
(proxy
192.168.10.0 to 172.16.10.0)
*Mar 1
01:45:37.771: has spi 0x961E59E3
and conn_id 0 and flags 2
*Mar 1
01:45:37.771: lifetime of 3600
seconds
*Mar 1
01:45:37.779: lifetime of 4608000
kilobytes
*Mar 1
01:45:37.779: has client flags
0x0
*Mar 1
01:45:37.779: outbound SA from 100.100.1.2
to 200.200.1.2 (f/i) 0/0
(proxy
172.16.10.0 to 192.168.10.0)
*Mar 1
01:45:37.783: has spi -1471896333
and conn_id 0 and flags A
*Mar 1
01:45:37.791: lifetime of 3600
seconds
*Mar 1
01:45:37.791: lifetime of 4608000
kilobytes
*Mar 1
01:45:37.791: has client flags
0x0
*Mar 1 01:45:37.799:
ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I)
QM_IDLE
*Mar 1 01:45:37.803:
ISAKMP:(0:1:SW:1):deleting node 1792755294 error FALSE reason "No
Error"
*Mar 1 01:45:37.807:
ISAKMP:(0:1:SW:1):Node 1792755294, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Mar 1 01:45:37.811:
ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1
New State = IKE_QM_PHASE2_COMPLETE
*Mar 1 01:45:37.827:
ISAKMP: Locking peer struct 0x64946CF0, IPSEC refcount 2 for from
create_transforms
*Mar 1 01:45:37.831:
ISAKMP: Unlocking IPSEC struct 0x64946CF0 from create_transforms, count 1
HQ#
No comments:
Post a Comment