Tuesday, October 16, 2012

view VPN session form messages



 "What is VPN IPsec and how they work together"

HQ#
*Mar  1 01:45:36.431: ISAKMP: received ke message (1/1)
*Mar  1 01:45:36.435: ISAKMP:(0:0:N/A:0): SA request profile is (NULL)   >> "Requesting profile"
*Mar  1 01:45:36.439: ISAKMP: Created a peer struct for 200.200.1.2, peer port 500  >> creating new peer, ISAKMP port 500
*Mar  1 01:45:36.439: ISAKMP: New peer created peer = 0x64946CF0 peer_handle = 0x80000002
*Mar  1 01:45:36.443: ISAKMP: Locking peer struct 0x64946CF0, IKE refcount 1 for isakmp_initiator
*Mar  1 01:45:36.447: ISAKMP: local port 500, remote port 500
*Mar  1 01:45:36.447: ISAKMP: set new node 0 to QM_IDLE
*Mar  1 01:45:36.451: insert sa successfully sa = 655EB81C
*Mar  1 01:45:36.455: ISAKMP:(0:0:N/A:0):Can not start Aggressive mode, trying Main mode.
*Mar  1 01:45:36.455: ISAKMP:(0:0:N/A:0):Looking for a matching key for 200.200.1.2 in default
*Mar  1 01:45:36.459: ISAKMP:(0:0:N/A:0): : success
*Mar  1 01:45:36.459: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 200.200.1.2
*Mar  1 01:45:36.467: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID   >> creating NAT Transparence tunnel
*Mar
HQ# 1 01:45:36.467: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
*Mar  1 01:45:36.471: ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
*Mar  1 01:45:36.471: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Mar  1 01:45:36.475: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_I_MM1  >> IKE phase is ready (Sending packet no 1)

*Mar  1 01:45:36.479: ISAKMP:(0:0:N/A:0): beginning Main Mode exchange
*Mar  1 01:45:36.483: ISAKMP:(0:0:N/A:0): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I) MM_NO_STATE  >> sending packet
*Mar  1 01:45:36.715: ISAKMP (0:0): received packet from 200.200.1.2 dport 500 sport 500 Global (I) MM_NO_STATE   >> Receiving Packet
*Mar  1 01:45:36.731: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar  1 01:45:36.735: ISAKMP:(0:0:N/A:0):Old State = IKE_I_MM1  New State = IKE_I_MM2   >> Move into IKE phase 1 to IKE Phase 2 (Still in IKE Phase 1 and packet no 2)

*Mar
HQ# 1 01:45:36.743: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
*Mar  1 01:45:36.747: ISAKMP:(0:0:N/A:0): processing vendor id payload
*Mar  1 01:45:36.747: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245 mismatch
*Mar  1 01:45:36.751: ISAKMP (0:0): vendor ID is NAT-T v7
*Mar  1 01:45:36.755: ISAKMP:(0:0:N/A:0):Looking for a matching key for 200.200.1.2 in default   >> Try to Matching Pre-shared key of remote
*Mar  1 01:45:36.755: ISAKMP:(0:0:N/A:0): : success
*Mar  1 01:45:36.759: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 200.200.1.2  >> Found Pre-Shared Key of Remote
*Mar  1 01:45:36.759: ISAKMP:(0:0:N/A:0): local preshared key found >> matching with own Pre-shared key, success
*Mar  1 01:45:36.767: ISAKMP : Scanning profiles for xauth ...
*Mar  1 01:45:36.767: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy  >> sending priority 10 policy and checking policy 
*Mar  1 01:45:36.771: ISAKMP:      encryption AES-CBC
*Mar  1 01:45:36.775: ISAKMP:      keylength of 128
*Mar  1 01:45:36.779: ISAKMP:      hash SHA
*Mar  1 01:45:36.779: ISAKMP:      default group 2
*Mar  1 01:45:36.787: ISAKMP:      auth pre-share
*Mar  1 01:45:36.787: ISAKMP:      life type in seconds
*Mar  1 01:45:36.787: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
*Mar  1 01:45:36.803: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 0 >> attribute are acceptable
*Mar  1 01:45:36.911: ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar  1 01:45:36.915: ISAKMP:(0:1:SW:1): vendor ID seems Unity/DPD but major 245 mismatch
*Mar  1 01:45:36.915: ISAKMP (0:134217729): vendor ID is NAT-T v7
*Mar  1 01:45:36.915: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar  1 01:45:36.915: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM2  New State = IKE_I_MM2

*Mar  1 01:45:36.919: ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Mar  1 01:45:36.923: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar  1 01:45:36.923: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM2  New State = IKE_I_MM3

*Mar  1 01:45:37.115: ISAKMP (0:134217729): received packet from 200.200.1.2 dport 500 sport 500 Global (I) MM_SA_SETUP
*Mar  1 01:45:37.123: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar  1 01:45:37.123: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM3  New State = IKE_I_MM4

*Mar  1 01:45:37.135: ISAKMP:(0:1:SW:1): processing KE payload. message ID = 0
*Mar  1 01:45:37.239: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 0
*Mar  1 01:45:37.239: ISAKMP:(0:0:N/A:0):Looking for a matching key for 200.200.1.2 in default
*Mar  1 01:45:37.243: ISAKMP:(0:0:N/A:0): : success
*Mar  1 01:45:37.243: ISAKMP:(0:1:SW:1):found peer pre-shared key matching 200.200.1.2
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1):SKEYID state generated
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1): vendor ID is Unity
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1): vendor ID is DPD
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1): processing vendor id payload
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1): speaking to another IOS box!
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar  1 01:45:37.247: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM4  New State = IKE_I_MM4

*Mar  1 01:45:37.251: ISAKMP:(0:1:SW:1):Send initial contact
*Mar  1 01:45:37.255: ISAKMP:(0:1:SW:1):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Mar  1 01:45:37.255: ISAKMP (0:134217729): ID payload
        next-payload : 8
        type         : 1
        address      : 100.100.1.2
        protocol     : 17
        port         : 500
        length       : 12
*Mar  1 01:45:37.255: ISAKMP:(0:1:SW:1):Total payload length: 12
*Mar  1 01:45:37.263: ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Mar  1 01:45:37.263: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar  1 01:45:37.267: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM4  New State = IKE_I_MM5

*Mar  1 01:45:37.395: ISAKMP (0:134217729): received packet from 200.200.1.2 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Mar  1 01:45:37.403: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 0
*Mar  1 01:45:37.407: ISAKMP (0:134217729): ID payload
        next-payload : 8
        type         : 1
        address      : 200.200.1.2
        protocol     : 17
        port         : 500
        length       : 12
*Mar  1 01:45:37.411: ISAKMP:(0:1:SW:1):: peer matches *none* of the profiles
*Mar  1 01:45:37.415: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 0
*Mar  1 01:45:37.423: ISAKMP:(0:1:SW:1):SA authentication status:
        authenticated
*Mar  1 01:45:37.423: ISAKMP:(0:1:SW:1):SA has been authenticated with 200.200.1.2
*Mar  1 01:45:37.427: ISAKMP: Trying to insert a peer 100.100.1.2/200.200.1.2/500/,  and inserted successfully 64946CF0.
*Mar  1 01:45:37.431: ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar  1 01:45:37.435: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM5  New State = IKE_I_MM6

*Mar  1 01:45:37.443: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Mar  1 01:45:37.447: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM6  New State = IKE_I_MM6

*Mar  1 01:45:37.459: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Mar  1 01:45:37.459: ISAKMP:(0:1:SW:1):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE

*Mar  1 01:45:37.471: ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of 1792755294
*Mar  1 01:45:37.487: ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I) QM_IDLE
*Mar  1 01:45:37.491: ISAKMP:(0:1:SW:1):Node 1792755294, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Mar  1 01:45:37.491: ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
*Mar  1 01:45:37.495: ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Mar  1 01:45:37.499: ISAKMP:(0:1:SW:1):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Mar  1 01:45:37.687: ISAKMP (0:134217729): received packet from 200.200.1.2 dport 500 sport 500 Global (I) QM_IDLE
*Mar  1 01:45:37.699: ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 1792755294
*Mar  1 01:45:37.703: ISAKMP:(0:1:SW:1): processing SA payload. message ID = 1792755294
*Mar  1 01:45:37.707: ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
*Mar  1 01:45:37.707: ISAKMP: transform 1, ESP_AES
*Mar  1 01:45:37.707: ISAKMP:   attributes in transform:
*Mar  1 01:45:37.711: ISAKMP:      encaps is 1 (Tunnel)
*Mar  1 01:45:37.711: ISAKMP:      SA life type in seconds
*Mar  1 01:45:37.715: ISAKMP:      SA life duration (basic) of 3600
*Mar  1 01:45:37.715: ISAKMP:      SA life type in kilobytes
*Mar  1 01:45:37.719: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
*Mar  1 01:45:37.723: ISAKMP:      authenticator is HMAC-SHA
*Mar  1 01:45:37.723: ISAKMP:      key length is 128
*Mar  1 01:45:37.727: ISAKMP:(0:1:SW:1):atts are acceptable.
*Mar  1 01:45:37.735: ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 1792755294
*Mar  1 01:45:37.739: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 1792755294
*Mar  1 01:45:37.739: ISAKMP:(0:1:SW:1): processing ID payload. message ID = 1792755294
*Mar  1 01:45:37.759: ISAKMP: Locking peer struct 0x64946CF0, IPSEC refcount 1 for for stuff_ke
*Mar  1 01:45:37.763: ISAKMP:(0:1:SW:1): Creating IPSec SAs
*Mar  1 01:45:37.767:         inbound SA from 200.200.1.2 to 100.100.1.2 (f/i)  0/ 0
        (proxy 192.168.10.0 to 172.16.10.0)
*Mar  1 01:45:37.771:         has spi 0x961E59E3 and conn_id 0 and flags 2
*Mar  1 01:45:37.771:         lifetime of 3600 seconds
*Mar  1 01:45:37.779:         lifetime of 4608000 kilobytes
*Mar  1 01:45:37.779:         has client flags 0x0
*Mar  1 01:45:37.779:         outbound SA from 100.100.1.2 to 200.200.1.2 (f/i) 0/0
        (proxy 172.16.10.0 to 192.168.10.0)
*Mar  1 01:45:37.783:         has spi -1471896333 and conn_id 0 and flags A
*Mar  1 01:45:37.791:         lifetime of 3600 seconds
*Mar  1 01:45:37.791:         lifetime of 4608000 kilobytes
*Mar  1 01:45:37.791:         has client flags 0x0
*Mar  1 01:45:37.799: ISAKMP:(0:1:SW:1): sending packet to 200.200.1.2 my_port 500 peer_port 500 (I) QM_IDLE
*Mar  1 01:45:37.803: ISAKMP:(0:1:SW:1):deleting node 1792755294 error FALSE reason "No Error"
*Mar  1 01:45:37.807: ISAKMP:(0:1:SW:1):Node 1792755294, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Mar  1 01:45:37.811: ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE
*Mar  1 01:45:37.827: ISAKMP: Locking peer struct 0x64946CF0, IPSEC refcount 2 for from create_transforms
*Mar  1 01:45:37.831: ISAKMP: Unlocking IPSEC struct 0x64946CF0 from create_transforms, count 1
HQ#
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)