Cisco IOS and racoon

From: Lewey Taylor (admin_at_triparish.net)
Date: 07/27/04

  • Next message: Nick Twaddell: "Ipfw config"
    To: freebsd-security@freebsd.org
    Date: Mon, 26 Jul 2004 20:34:58 -0500
    
    

    I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a
    freebsd 4.9 install with racoon. I have package version
    freebsd-20040408a and internal version 20001216 in my log file.

    I posted the full racoon and cisco log below my configs.

    Racoon keeps saying:

    2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:24:03: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:24:03: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=5(id)
    2004-07-26 16:24:03: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
    length of payload

    My Cisco config is:

    <cisco config>

    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 10000
    crypto isakmp key donttell address 1.1.1.1 no-xauth
    !
    crypto ipsec security-association lifetime seconds 6000
    !
    crypto ipsec transform-set MB esp-3des esp-md5-hmac
    !
    crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
     description BBE Map
     set peer 1.1.1.1
     set security-association lifetime seconds 10000
     set transform-set MB
     set pfs group2
     match address 109
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address 10.0.3.1 255.255.255.0
     speed auto
    !
    interface FastEthernet0/0.1
    !
    interface Serial0/0
     ip address 2.2.2.2 255.255.255.252
     service-module t1 timeslots 1-24
     crypto map FreeBSDIPSEC-MAP
    !
    ip default-gateway 2.2.2.3
    ip classless
    ip route 0.0.0.0 0.0.0.0 2.2.2.3
    no ip http server
    no ip http secure-server
    !
    !
    !
    access-list 109 permit ip 10.0.3.0 0.0.0.255 10.0.10.0 0.0.0.255
    access-list 109 permit ip 10.0.10.0 0.0.0.255 10.0.3.0 0.0.0.255

    </cisco config>

    My racoon.conf

    <racoon.conf>

    # $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $

    # "path" must be placed before it should be used.
    # You can overwrite which you defined, but it should not use due to
    confusing.
    path include "/usr/local/etc/racoon" ;
    #include "remote.conf" ;

    # search this file for pre_shared_key with various ID key.
    path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

    # racoon will look for certificate file in the directory,
    # if the certificate/certificate request payload is received.
    path certificate "/usr/local/etc/cert" ;

    # "log" specifies logging level. It is followed by either "notify",
    "debug"
    # or "debug2".
    log debug2;

    # "padding" defines some parameter of padding. You should not touch
    these.
    padding
    {
            maximum_length 20; # maximum padding length.
            randomize off; # enable randomize length.
            strict_check off; # enable strict check.
            exclusive_tail off; # extract last one octet.
    }

    # if no listen directive is specified, racoon will listen to all
    # available interface addresses.
    listen
    {
            #isakmp ::1 [7000];
            isakmp 1.1.1.1 [500];
            #admin [7002]; # administrative's port by kmpstat.
            #strict_address; # required all addresses must be bound.
    }

    # Specification of default various timer.
    timer
    {
            # These value can be changed per remote node.
            counter 5; # maximum trying count to send.
            interval 20 sec; # maximum interval to resend.
            persend 1; # the number of packets per a send.

            # timer for waiting to complete each phase.
            phase1 30 sec;
            phase2 15 sec;
    }

    remote anonymous
    {
            #exchange_mode main,aggressive;
            exchange_mode main,base,aggressive;
            doi ipsec_doi;
            #situation identity_only;

            my_identifier user_fqdn "bbedevil";
            peers_identifier user_fqdn "bbeameliarouter";
            nonce_size 16;
            lifetime time 10000 sec;
            initial_contact on;
            support_mip6 on;
            proposal_check obey;

            proposal {
            encryption_algorithm 3des;
            hash_algorithm md5;
            authentication_method pre_shared_key ;
            dh_group 2 ;
            }
    }

            sainfo anonymous
            {
            pfs_group 2;
            lifetime time 10000 sec;
            encryption_algorithm 3des;
            authentication_algorithm hmac_md5;
            compression_algorithm deflate;
            }
    </racoon.conf>

    My spdadd

    <spdadd>
    #! /bin/sh
    #spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none;
    #spdadd 1.1.1.1/32[500] 2.2.2.2/32[500] udp -P out none;
    case "$1" in
    start)
    setkey -F
    setkey -FP
    setkey -c <<EOF
    spdadd 10.0.10.0/24 10.0.3.0/24 ipencap -P out ipsec
    esp/tunnel/1.1.1.1-2.2.2.2/require;
    spdadd 10.0.3.0/24 10.0.1.0/24 ipencap -P in ipsec
    esp/tunnel/2.2.2.2-1.1.1.1/require;
    EOF
            ;;
    stop)
            setkey -F
            setkey -FP
            ;;
    *)
            echo "Usage: `basename $0` {start|stop}" >&2
            ;;
    esac
    exit 0

    </spdadd>

    My racoon error.log

    <racoon.log>
    2004-07-26 16:23:15: INFO: main.c:172:main(): @(#)package version
    freebsd-20040408a
    2004-07-26 16:23:15: INFO: main.c:174:main(): @(#)internal version
    20001216 sakane@kame.net
    2004-07-26 16:23:15: INFO: main.c:175:main(): @(#)This product linked
    OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:179:yylex(): begin <11>padding
    2004-07-26 16:23:15: DEBUG2: cftoken.l:183:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:181:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:184:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:185:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:286:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <11>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:189:yylex(): begin <13>listen
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:191:yylex(): <13>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:435:yylex(): <13>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:299:yylex(): <13>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <13>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <3>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:197:yylex(): begin <15>timer
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:199:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:200:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:201:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:202:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:203:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <15>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:228:yylex(): begin <25>remote
    2004-07-26 16:23:15: DEBUG2: cftoken.l:229:yylex(): <25>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:233:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:236:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:234:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:235:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:234:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:237:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:238:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:239:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:474:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:245:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:367:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:420:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:246:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:367:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:420:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:256:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:268:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:269:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:260:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:285:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:258:yylex(): <27>
    2004-07-26 16:23:15: WARNING: cftoken.l:514:yywarn():
    /usr/local/etc/racoon/racoon.conf:63: "support_mip6" it is obsoleted.
    use "support_proxy".
    2004-07-26 16:23:15: DEBUG2: cftoken.l:285:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:261:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:262:yylex(): <27>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:272:yylex(): begin <29>proposal
    2004-07-26 16:23:15: DEBUG2: cftoken.l:278:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:319:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:280:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:339:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:279:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:358:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:281:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <29>
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1247:set_isakmp_proposal():
    lifetime = 10000
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1250:set_isakmp_proposal():
    lifebyte = 0
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1253:set_isakmp_proposal():
    encklen=0
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1316:expand_isakmpspec(): p:1 t:1
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec():
    3DES-CBC(5)
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec(): MD5(1)
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec():
    1024-bit MODP group(2)
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1320:expand_isakmpspec():
    pre-shared key(1)
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1327:expand_isakmpspec():
    2004-07-26 16:23:15: DEBUG: algorithm.c:614:alg_oakley_dhdef():
    hmac(modp1024)
    2004-07-26 16:23:15: DEBUG2: cftoken.l:207:yylex(): begin <21>sainfo
    2004-07-26 16:23:15: DEBUG2: cftoken.l:208:yylex(): <21>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:216:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:219:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:220:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:390:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:379:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:222:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:319:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:223:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:332:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:224:yylex(): <23>
    2004-07-26 16:23:15: DEBUG2: cftoken.l:346:yylex(): <23>
    2004-07-26 16:23:15: DEBUG: pfkey.c:2379:pk_checkalg(): compression
    algorithm can not be checked because sadb message doesn't support it.
    2004-07-26 16:23:15: DEBUG2: cfparse.y:1429:cfparse(): parse successed.
    2004-07-26 16:23:15: INFO: isakmp.c:1368:isakmp_open(): 1.1.1.1[500]
    used as isakmp port (fd=5)
    2004-07-26 16:23:15: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey
    X_SPDDUMP message
    2004-07-26 16:23:15: DEBUG2: plog.c:193:plogdump():
    02120000 0f000100 01000000 0f020000 03000500 04180000 10020000 0a000300
    00000000 00000000 03000600 04180000 10020000 0a000100 00000000 00000000
    07001200 02000100 02000000 00000000 28003200 02020000 10020000 43203c92
    00000000 00000000 10020000 43203c36 00000000 00000000
    2004-07-26 16:23:15: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey
    X_SPDDUMP message
    2004-07-26 16:23:15: DEBUG2: plog.c:193:plogdump():
    02120000 0f000100 00000000 0f020000 03000500 04180000 10020000 0a000a00
    00000000 00000000 03000600 04180000 10020000 0a000300 00000000 00000000
    07001200 02000200 01000000 00000000 28003200 02020000 10020000 43203c36
    00000000 00000000 10020000 43203c92 00000000 00000000
    2004-07-26 16:23:15: DEBUG: policy.c:184:cmpspidxstrict():
    sub:0xbfbff9b8: 10.0.10.0/24[0] 10.0.3.0/24[0] proto=4 dir=out
    2004-07-26 16:23:15: DEBUG: policy.c:185:cmpspidxstrict(): db
    :0x80a2c08: 10.0.3.0/24[0] 10.0.1.0/24[0] proto=4 dir=in
    2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): ===
    2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 120 bytes
    message received from 2.2.2.2[500]
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 00000000 00000000 01100200 00000000 00000078 0d000034
    00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001
    80040002 80030001 800b0001 800c2710 0d000014 7d9419a6 5310ca6f 2c179d92
    15529d56 00000014 90cb8091 3ebb696e 086381b5 ec427b1f
    2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:22: DEBUG: remoteconf.c:129:getrmconf(): anonymous
    configuration selected for 2.2.2.2[500].
    2004-07-26 16:23:22: DEBUG: isakmp.c:899:isakmp_ph1begin_r(): ===
    2004-07-26 16:23:22: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new
    phase 1 negotiation: 1.1.1.1[500]<=>2.2.2.2[500]
    2004-07-26 16:23:22: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
    Identity Protection mode.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=1(sa)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=13(vid)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=13(vid)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
    2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
    unknown Vendor ID
    2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
    unknown Vendor ID
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA
    len=48
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001
    80040002 80030001 800b0001 800c2710
    2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=2(prop)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1
    len=40
    2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=3(trns)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1311:get_transform(): transform
    #1 len=32
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
    type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
    2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
    type=Hash Algorithm, flag=0x8000, lorv=MD5
    2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef():
    hash(md5)
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
    type=Group Description, flag=0x8000, lorv=1024-bit MODP group
    2004-07-26 16:23:22: DEBUG: algorithm.c:614:alg_oakley_dhdef():
    hmac(modp1024)
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
    type=Authentication Method, flag=0x8000, lorv=pre-shared key
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
    type=Life Type, flag=0x8000, lorv=seconds
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
    type=Life Duration, flag=0x8000, lorv=10000
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1:
    2004-07-26 16:23:22: DEBUG: proposal.c:895:print_proppair0():
    0x80a8dd0: next=0x0 tnext=0x0
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal
    #1: 1 transform
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:322:get_ph1approvalx(): prop#=1,
    prot-id=ISAKMP, spi-size=0, #trns=1
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:327:get_ph1approvalx(): trns#=1,
    trns-id=IKE
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa():
    type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Hash
    Algorithm, flag=0x8000, lorv=MD5
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Group
    Description, flag=0x8000, lorv=1024-bit MODP group
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa():
    type=Authentication Method, flag=0x8000, lorv=pre-shared key
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life
    Type, flag=0x8000, lorv=seconds
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life
    Duration, flag=0x8000, lorv=10000
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:338:get_ph1approvalx():
    Compared: DB:Peer
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:339:get_ph1approvalx():
    (lifetime = 10000:10000)
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:341:get_ph1approvalx():
    (lifebyte = 0:0)
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:343:get_ph1approvalx(): enctype
    = 3DES-CBC:3DES-CBC
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:348:get_ph1approvalx(): (encklen
    = 0:0)
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:350:get_ph1approvalx(): hashtype
    = MD5:MD5
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:355:get_ph1approvalx():
    authmethod = pre-shared key:pre-shared key
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:360:get_ph1approvalx(): dh_group
    = 1024-bit MODP group:1024-bit MODP group
    2004-07-26 16:23:22: DEBUG: ipsec_doi.c:248:get_ph1approval(): an
    acceptable proposal found.
    2004-07-26 16:23:22: DEBUG: algorithm.c:614:alg_oakley_dhdef():
    hmac(modp1024)
    2004-07-26 16:23:22: DEBUG: isakmp.c:2006:isakmp_newcookie(): new
    cookie:
    e352ee142f02e4f2
    2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
    payload of len 48, next type 1
    2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
    payload of len 16, next type 13
    2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:22: DEBUG: sockmisc.c:421:sendfromto(): sockname
    1.1.1.1[500]
    2004-07-26 16:23:22: DEBUG: sockmisc.c:423:sendfromto(): send packet
    from 1.1.1.1[500]
    2004-07-26 16:23:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to
    2.2.2.2[500]
    2004-07-26 16:23:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 100
    bytes message will be sent to 2.2.2.2[500]
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 01100200 00000000 00000064 0d000034
    00000001 00000001 00000028 01010001 00000020 01010000 80010005 80020001
    80040002 80030001 800b0001 800c2710 00000014 7003cbc1 097dbe9c 2600ba69
    83bc8b35
    2004-07-26 16:23:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
    phase1 packet 77260cb124e74d13:e352ee142f02e4f2
    2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): ===
    2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 256 bytes
    message received from 2.2.2.2[500]
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 00000100 0a000084
    7cda6ebd d8f6e21d 3d39cbc5 52a3e564 d119a7cf c16164a3 cbfee711 2f40edb3
    3d234f52 a66b11ac 57374d1c ab1c658d 1f1aa6c3 0fa6e476 3bd5f898 5ae8836b
    1d7117e2 55186f70 462fadc7 0c71a9f4 445da4e7 92a3aee8 30293d7a 98a9cdcf
    e8b367c6 0133fc87 75b708e4 7cf6afba 47ec96e6 30ab0f33 3fd05435 0d54ecff
    0d000018 5dfca701 956f4c3b 22b474e9 8c80ac6a ca6bb414 0d000014 12f5f28c
    457168a9 702d9fe2 74cc0100 0d000014 afcad713 68a1f1c9 6b8696fc 77570100
    0d000014 82e1abac 24e64d13 946773ca 77f7fe51 0000000c 09002689 dfd6b712
    2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=4(ke)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=10(nonce)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=13(vid)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=13(vid)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=13(vid)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=13(vid)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
    2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
    unknown Vendor ID
    2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
    unknown Vendor ID
    2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
    unknown Vendor ID
    2004-07-26 16:23:22: DEBUG: vendorid.c:137:check_vendorid(): received
    unknown Vendor ID
    2004-07-26 16:23:22: DEBUG: isakmp.c:633:ph1_main(): ===
    2004-07-26 16:23:22: DEBUG: oakley.c:300:oakley_dh_generate(): compute
    DH's private.
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    5cb32b6c 3e9febc3 cb777a15 eb049ce2 af60588b e214f80a 4d66df7b 1b5a26fc
    766653b1 003fa259 d79a535c f058b6b8 d538319e abf71adf 02581d58 d73a1f51
    c1a2b67a 9c6679b1 5b8b7850 63cbfdd0 f9639b97 35f96eef d1a8ee09 c8601300
    a0d62f2d bf777d05 4e23592a e7995311 ac35184f b09dac2f ecb4b1a0 c1661e3b
    2004-07-26 16:23:22: DEBUG: oakley.c:302:oakley_dh_generate(): compute
    DH's public.
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
    bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
    730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
    071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
    2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
    payload of len 128, next type 4
    2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
    payload of len 16, next type 10
    2004-07-26 16:23:22: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add
    payload of len 16, next type 13
    2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:22: DEBUG: sockmisc.c:421:sendfromto(): sockname
    1.1.1.1[500]
    2004-07-26 16:23:22: DEBUG: sockmisc.c:423:sendfromto(): send packet
    from 1.1.1.1[500]
    2004-07-26 16:23:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to
    2.2.2.2[500]
    2004-07-26 16:23:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
    bytes message will be sent to 2.2.2.2[500]
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
    5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
    bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
    730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
    071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
    0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
    2600ba69 83bc8b35
    2004-07-26 16:23:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
    phase1 packet 77260cb124e74d13:e352ee142f02e4f2
    2004-07-26 16:23:22: DEBUG: oakley.c:250:oakley_dh_compute(): compute
    DH's shared.
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    c21a9cbd 3ae743af 5f192a54 cd8dfc36 9c52f78b 46034118 40cddd67 bac653c7
    83d6eaa7 6a932acf 159aa5ce 539771ba be3758e7 c30d3144 d504590d 23d78696
    aec8dd1a 63644f4a 97a634ba 3cdd9e16 d6d24d0c dbac61ef 43bf6bd8 0a8fb60c
    84e7f5b6 07924df2 fbc791e2 1ee817be e1f284d7 a91f389e 534e4378 87bae3ca
    2004-07-26 16:23:22: DEBUG: oakley.c:2104:oakley_skeyid(): the psk
    found.
    2004-07-26 16:23:22: DEBUG2: oakley.c:2106:oakley_skeyid(): psk:
    2004-07-26 16:23:22: DEBUG2: plog.c:193:plogdump():
    646f6e74 74656c6c 09
    2004-07-26 16:23:22: DEBUG: oakley.c:2119:oakley_skeyid(): nonce 1:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    5dfca701 956f4c3b 22b474e9 8c80ac6a ca6bb414
    2004-07-26 16:23:22: DEBUG: oakley.c:2125:oakley_skeyid(): nonce 2:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    fcdeb51e a872e9f3 32fb0b9d 20262525
    2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
    hmac(hmac_md5)
    2004-07-26 16:23:22: DEBUG: oakley.c:2178:oakley_skeyid(): SKEYID
    computed:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    db29fe9b 5653409a 8fcdf873 bc86a047
    2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
    hmac(hmac_md5)
    2004-07-26 16:23:22: DEBUG: oakley.c:2235:oakley_skeyid_dae(): SKEYID_d
    computed:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    2a646ff0 3bc34de2 25fd5ddf 0757a73e
    2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
    hmac(hmac_md5)
    2004-07-26 16:23:22: DEBUG: oakley.c:2264:oakley_skeyid_dae(): SKEYID_a
    computed:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    7de0c436 ec679d9e db8a7a5d 27d24b5a
    2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
    hmac(hmac_md5)
    2004-07-26 16:23:22: DEBUG: oakley.c:2293:oakley_skeyid_dae(): SKEYID_e
    computed:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    db9aa285 c2e8a677 7ccad205 6c715386
    2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef():
    hash(md5)
    2004-07-26 16:23:22: DEBUG: oakley.c:2362:oakley_compute_enckey():
    len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 |
    ...)
    2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
    hmac(hmac_md5)
    2004-07-26 16:23:22: DEBUG: oakley.c:2387:oakley_compute_enckey():
    compute intermediate encryption key K1
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    00
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef
    2004-07-26 16:23:22: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
    hmac(hmac_md5)
    2004-07-26 16:23:22: DEBUG: oakley.c:2387:oakley_compute_enckey():
    compute intermediate encryption key K2
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    df13ef04 7d56da3e 206d090d afd4883b
    2004-07-26 16:23:22: DEBUG: oakley.c:2435:oakley_compute_enckey(): final
    encryption key computed:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
    2004-07-26 16:23:22: DEBUG: algorithm.c:256:alg_oakley_hashdef():
    hash(md5)
    2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:22: DEBUG: oakley.c:2546:oakley_newiv(): IV computed:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    8ee7499c 701de062
    2004-07-26 16:23:22: DEBUG: isakmp.c:233:isakmp_handler(): ===
    2004-07-26 16:23:22: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
    message received from 2.2.2.2[500]
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
    02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
    8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
    2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:22: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
    decryption.
    2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:22: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
    saved for next processing:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:23:22: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:22: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
    2004-07-26 16:23:22: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
    payload by IV:
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:23:22: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
    payload, but not trimed.
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    2b7aada3 390dbdf3 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
    ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:23:22: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
    len=167
    2004-07-26 16:23:22: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
    trim padding.
    2004-07-26 16:23:22: DEBUG: oakley.c:2754:oakley_do_decrypt():
    decrypted.
    2004-07-26 16:23:22: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c 2b7aada3
    390dbdf3 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
    684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:23:22: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:23:22: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=5(id)
    2004-07-26 16:23:22: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
    length of payload
    2004-07-26 16:23:32: DEBUG: isakmp.c:233:isakmp_handler(): ===
    2004-07-26 16:23:32: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
    message received from 2.2.2.2[500]
    2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
    02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
    8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
    2004-07-26 16:23:32: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:32: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
    decryption.
    2004-07-26 16:23:32: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:32: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
    saved for next processing:
    2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:23:32: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:32: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
    2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
    2004-07-26 16:23:32: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
    payload by IV:
    2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:23:32: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
    payload, but not trimed.
    2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
    c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
    ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:23:32: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
    len=167
    2004-07-26 16:23:32: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
    trim padding.
    2004-07-26 16:23:32: DEBUG: oakley.c:2754:oakley_do_decrypt():
    decrypted.
    2004-07-26 16:23:32: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
    a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
    684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:23:32: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:32: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:23:32: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=5(id)
    2004-07-26 16:23:32: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
    length of payload
    2004-07-26 16:23:42: DEBUG: isakmp.c:233:isakmp_handler(): ===
    2004-07-26 16:23:42: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
    message received from 2.2.2.2[500]
    2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
    02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
    8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
    2004-07-26 16:23:42: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:42: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
    decryption.
    2004-07-26 16:23:42: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:42: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
    saved for next processing:
    2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:23:42: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:23:42: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
    2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
    2004-07-26 16:23:42: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
    payload by IV:
    2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:23:42: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
    payload, but not trimed.
    2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
    c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
    ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:23:42: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
    len=167
    2004-07-26 16:23:42: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
    trim padding.
    2004-07-26 16:23:42: DEBUG: oakley.c:2754:oakley_do_decrypt():
    decrypted.
    2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
    a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
    684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:23:42: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:23:42: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:23:42: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=5(id)
    2004-07-26 16:23:42: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
    length of payload
    2004-07-26 16:23:42: DEBUG: sockmisc.c:421:sendfromto(): sockname
    1.1.1.1[500]
    2004-07-26 16:23:42: DEBUG: sockmisc.c:423:sendfromto(): send packet
    from 1.1.1.1[500]
    2004-07-26 16:23:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to
    2.2.2.2[500]
    2004-07-26 16:23:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
    bytes message will be sent to 2.2.2.2[500]
    2004-07-26 16:23:42: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
    5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
    bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
    730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
    071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
    0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
    2600ba69 83bc8b35
    2004-07-26 16:23:42: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
    phase1 packet 77260cb124e74d13:e352ee142f02e4f2
    2004-07-26 16:24:02: DEBUG: sockmisc.c:421:sendfromto(): sockname
    1.1.1.1[500]
    2004-07-26 16:24:02: DEBUG: sockmisc.c:423:sendfromto(): send packet
    from 1.1.1.1[500]
    2004-07-26 16:24:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to
    2.2.2.2[500]
    2004-07-26 16:24:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
    bytes message will be sent to 2.2.2.2[500]
    2004-07-26 16:24:02: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
    5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
    bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
    730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
    071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
    0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
    2600ba69 83bc8b35
    2004-07-26 16:24:02: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
    phase1 packet 77260cb124e74d13:e352ee142f02e4f2
    2004-07-26 16:24:03: DEBUG: isakmp.c:233:isakmp_handler(): ===
    2004-07-26 16:24:03: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
    message received from 2.2.2.2[500]
    2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
    02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
    8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
    2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:24:03: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
    decryption.
    2004-07-26 16:24:03: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:24:03: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
    saved for next processing:
    2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:24:03: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:24:03: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
    2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
    2004-07-26 16:24:03: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
    payload by IV:
    2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:24:03: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
    payload, but not trimed.
    2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
    c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
    ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:24:03: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
    len=167
    2004-07-26 16:24:03: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
    trim padding.
    2004-07-26 16:24:03: DEBUG: oakley.c:2754:oakley_do_decrypt():
    decrypted.
    2004-07-26 16:24:03: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
    a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
    684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:24:03: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:24:03: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=5(id)
    2004-07-26 16:24:03: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
    length of payload
    2004-07-26 16:24:13: DEBUG: isakmp.c:233:isakmp_handler(): ===
    2004-07-26 16:24:13: DEBUG: isakmp.c:234:isakmp_handler(): 92 bytes
    message received from 2.2.2.2[500]
    2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c bb8f2217
    02104944 c9cfc9d8 49cacdf0 02f41bfa 77bdde66 2366bc28 4d3cd75b b7857b3d
    8a00929b 20137047 433a2951 2f560ab3 4e3fa11b 613146f4 eb71529f
    2004-07-26 16:24:13: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:24:13: DEBUG: oakley.c:2666:oakley_do_decrypt(): begin
    decryption.
    2004-07-26 16:24:13: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:24:13: DEBUG: oakley.c:2680:oakley_do_decrypt(): IV was
    saved for next processing:
    2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:24:13: DEBUG: algorithm.c:386:alg_oakley_encdef():
    encription(3des)
    2004-07-26 16:24:13: DEBUG: oakley.c:2705:oakley_do_decrypt(): with key:
    2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
    26608024 059a46b0 628febfe 8c7346ef df13ef04 7d56da3e
    2004-07-26 16:24:13: DEBUG: oakley.c:2713:oakley_do_decrypt(): decrypted
    payload by IV:
    2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
    613146f4 eb71529f
    2004-07-26 16:24:13: DEBUG: oakley.c:2716:oakley_do_decrypt(): decrypted
    payload, but not trimed.
    2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
    c4aca2cb a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558
    ea21c6cf 684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:24:13: DEBUG: oakley.c:2725:oakley_do_decrypt(): padding
    len=167
    2004-07-26 16:24:13: DEBUG: oakley.c:2739:oakley_do_decrypt(): skip to
    trim padding.
    2004-07-26 16:24:13: DEBUG: oakley.c:2754:oakley_do_decrypt():
    decrypted.
    2004-07-26 16:24:13: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 05100201 00000000 0000005c c4aca2cb
    a2610f0e 404a202e 8c926c32 c92b0770 7e02809a 837f454f d8510558 ea21c6cf
    684d01f3 ef0bcae9 70838df6 4334ac03 2463bc17 085b87f3 3a1deda7
    2004-07-26 16:24:13: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
    2004-07-26 16:24:13: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
    2004-07-26 16:24:13: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
    nptype=5(id)
    2004-07-26 16:24:13: DEBUG: isakmp.c:1155:isakmp_parsewoh(): invalid
    length of payload
    2004-07-26 16:24:22: DEBUG: sockmisc.c:421:sendfromto(): sockname
    1.1.1.1[500]
    2004-07-26 16:24:22: DEBUG: sockmisc.c:423:sendfromto(): send packet
    from 1.1.1.1[500]
    2004-07-26 16:24:22: DEBUG: sockmisc.c:425:sendfromto(): send packet to
    2.2.2.2[500]
    2004-07-26 16:24:22: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
    bytes message will be sent to 2.2.2.2[500]
    2004-07-26 16:24:22: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
    5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
    bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
    730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
    071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
    0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
    2600ba69 83bc8b35
    2004-07-26 16:24:22: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
    phase1 packet 77260cb124e74d13:e352ee142f02e4f2
    2004-07-26 16:24:42: DEBUG: sockmisc.c:421:sendfromto(): sockname
    1.1.1.1[500]
    2004-07-26 16:24:42: DEBUG: sockmisc.c:423:sendfromto(): send packet
    from 1.1.1.1[500]
    2004-07-26 16:24:42: DEBUG: sockmisc.c:425:sendfromto(): send packet to
    2.2.2.2[500]
    2004-07-26 16:24:42: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
    bytes message will be sent to 2.2.2.2[500]
    2004-07-26 16:24:42: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
    5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
    bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
    730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
    071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
    0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
    2600ba69 83bc8b35
    2004-07-26 16:24:42: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
    phase1 packet 77260cb124e74d13:e352ee142f02e4f2
    2004-07-26 16:25:02: DEBUG: sockmisc.c:421:sendfromto(): sockname
    1.1.1.1[500]
    2004-07-26 16:25:02: DEBUG: sockmisc.c:423:sendfromto(): send packet
    from 1.1.1.1[500]
    2004-07-26 16:25:02: DEBUG: sockmisc.c:425:sendfromto(): send packet to
    2.2.2.2[500]
    2004-07-26 16:25:02: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 200
    bytes message will be sent to 2.2.2.2[500]
    2004-07-26 16:25:02: DEBUG: plog.c:193:plogdump():
    77260cb1 24e74d13 e352ee14 2f02e4f2 04100200 00000000 000000c8 0a000084
    5dac51d5 9e392b0c e6498701 05274556 d0c674e7 b348619f 85fb1e81 8580c8ff
    bc068150 28759450 a7b0d15c 418eb074 85e64c7b fc4eea90 763cdc0c 596a2a4a
    730016b9 1e4888aa b7bc8004 a90ffc90 75d22d09 459100d3 42c61c7c e0e28fa6
    071c6baa a649db63 6fa65ad7 1f3fe91c aee336f0 ad18dcc5 352a6e0b 22e40dde
    0d000014 fcdeb51e a872e9f3 32fb0b9d 20262525 00000014 7003cbc1 097dbe9c
    2600ba69 83bc8b35
    2004-07-26 16:25:02: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend
    phase1 packet 77260cb124e74d13:e352ee142f02e4f2
    2004-07-26 16:25:22: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1
    negotiation failed due to time up. 77260cb124e74d13:e352ee142f02e4f2

    Cisco log

    *Mar 1 06:30:02.879: ISAKMP: received ke message (1/1)
    *Mar 1 06:30:02.879: ISAKMP (0:0): SA request profile is (NULL)
    *Mar 1 06:30:02.879: ISAKMP: local port 500, remote port 500
    *Mar 1 06:30:02.879: ISAKMP: set new node 0 to QM_IDLE
    *Mar 1 06:30:02.879: ISAKMP: insert sa successfully sa = 818EC56C
    *Mar 1 06:30:02.879: ISAKMP (0:1): Can not start Aggressive mode,
    trying Main mode.
    *Mar 1 06:30:02.879: ISAKMP: Looking for a matching key for 1.1.1.1 in
    default : success
    *Mar 1 06:30:02.879: ISAKMP (0:1): found peer pre-shared key matching
    1.1.1.1
    *Mar 1 06:30:02.879: ISAKMP (0:1): constructed NAT-T vendor-03 ID
    *Mar 1 06:30:02.879: ISAKMP (0:1): constructed NAT-T vendor-02 ID
    *Mar 1 06:30:02.879: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC,
    IKE_SA_REQ_MM
    *Mar 1 06:30:02.879: ISAKMP (0:1): Old State = IKE_READY New State =
    IKE_I_MM1

    *Mar 1 06:30:02.883: ISAKMP (0:1): beginning Main Mode exchange
    *Mar 1 06:30:02.883: ISAKMP (0:1): sending pack
    bbeameliarouteet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
    *Mar 1 06:30:02.899: ISAKMP (0:1): received packet from 1.1.1.1 dport
    500 sport 500 Global (I) MM_NO_STATE
    *Mar 1 06:30:02.899: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER,
    IKE_MM_EXCH
    *Mar 1 06:30:02.899: ISAKMP (0:1): Old State = IKE_I_MM1 New State =
    IKE_I_MM2

    *Mar 1 06:30:02.899: ISAKMP (0:1): processing SA payload. message ID =
    0
    *Mar 1 06:30:02.899: ISAKMP (0:1): processing vendor id payload
    *Mar 1 06:30:02.899: ISAKMP (0:1): vendor ID seems Unity/DPD but major
    139 mismatch
    *Mar 1 06:30:02.899: ISAKMP: Looking for a matching key for 1.1.1.1 in
    default : success
    *Mar 1 06:30:02.899: ISAKMP (0:1): found peer pre-shared key matching
    1.1.1.1
    *Mar 1 06:30:02.899: ISAKMP (0:1) local preshared key found
    *Mar 1 06:30:02.899: ISAKMP : Scanning profiles for xauth ...
    *Mar 1 06:30:02.899: ISAKMP (0:1): Checking ISAKMP transform 1 against
    priority 1 policy
    *Mar 1 06:30:02.903: ISAKMP: encryption 3DES-CBC
    *Mar 1 06:30:02.903: ISAKMP: hash MD5
    *Mar 1 06:30:02.903: ISAKMP: default group 2
    *Mar 1 06:30:02.903: ISAKMP: auth pre-share
    *Mar 1 06:30:02.903: ISAKMP: life type in seconds
    *Mar 1 06:30:02.903: ISAKMP: life duration (basic) of 10000
    *Mar 1 06:30:02.903: ISAKMP (0:1): atts are acceptable. Next payload is
    0
    *Mar 1 06:30:03.035: ISAKMP (0:1): processing vendor id payload
    *Mar 1 06:30:03.035: ISAKMP (0:1): vendor ID seems Unity/DPD but major
    139 mismatch
    *Mar 1 06:30:03.035: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
    IKE_PROCESS_MAIN_MODE
    *Mar 1 06:30:03.035: ISAKMP (0:1): Old State = IKE_I_MM2 New State =
    IKE_I_MM2

    *Mar 1 06:30:03.039: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
    500 peer_port 500 (I) MM_SA_SETUP
    *Mar 1 06:30:03.039: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
    IKE_PROCESS_COMPLETE
    *Mar 1 06:30:03.039: ISAKMP (0:1): Old State = IKE_I_MM2 New State =
    IKE_I_MM3

    *Mar 1 06:30:03.099: ISAKMP (0:1): received packet from 1.1.1.1 dport
    500 sport 500 Global (I) MM_SA_SETUP
    *Mar 1 06:30:03.099: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER,
    IKE_MM_EXCH
    *Mar 1 06:30:03.099: ISAKMP (0:1): Old State = IKE_I_MM3 New State =
    IKE_I_MM4

    *Mar 1 06:30:03.103: ISAKMP (0:1): processing KE payload. message ID =
    0
    *Mar 1 06:30:03.267: ISAKMP (0:1): processing NONCE payload. message ID
    = 0
    *Mar 1 06:30:03.267: ISAKMP: Looking for a matching key for 1.1.1.1 in
    default : success
    *Mar 1 06:30:03.267: ISAKMP (0:1): found peer pre-shared key matching
    1.1.1.1
    *Mar 1 06:30:03.271: ISAKMP (0:1): SKEYID state generated
    *Mar 1 06:30:03.271: ISAKMP (0:1): processing vendor id payload
    *Mar 1 06:30:03.271: ISAKMP (0:1): vendor ID seems Unity/DPD but major
    139 mismatch
    *Mar 1 06:30:03.271: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
    IKE_PROCESS_MAIN_MODE
    *Mar 1 06:30:03.271: ISAKMP (0:1): Old State = IKE_I_MM4 New State =
    IKE_I_MM4

    *Mar 1 06:30:03.271: ISAKMP (0:1): Send initial contact
    *Mar 1 06:30:03.271: ISAKMP (0:1): SA is doing pre-shared key
    authentication using id type ID_IPV4_ADDR
    *Mar 1 06:30:03.271: ISAKMP (1): ID payload
            next-payload : 8
            type : 1
            addr : 2.2.2.2
            protocol : 17
            port : 500
            length : 8
    *Mar 1 06:30:03.271: ISAKMP (1): Total payload length: 12
    *Mar 1 06:30:03.275: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
    500 peer_port 500 (I) MM_KEY_EXCH
    *Mar 1 06:30:03.275: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
    IKE_PROCESS_COMPLETE
    *Mar 1 06:30:03.275: ISAKMP (0:1): Old State = IKE_I_MM4 New State =
    IKE_I_MM5
    r#
    bbeameliarouter#
    *Mar 1 06:30:13.276: ISAKMP (0:1): retransmitting phase 1
    MM_KEY_EXCH...
    *Mar 1 06:30:13.276: ISAKMP (0:1): incrementing error counter on sa:
    retransmit phase 1
    *Mar 1 06:30:13.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    *Mar 1 06:30:13.276: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
    500 peer_port 500 (I) MM_KEY_EXCH
    bbeameliarouter#
    *Mar 1 06:30:23.276: ISAKMP (0:1): retransmitting phase 1
    MM_KEY_EXCH...
    *Mar 1 06:30:23.276: ISAKMP (0:1): incrementing error counter on sa:
    retransmit phase 1
    *Mar 1 06:30:23.276: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    *Mar 1 06:30:23.276: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
    500 peer_port 500 (I) MM_KEY_EXCH
    *Mar 1 06:30:23.284: ISAKMP (0:1): received packet from 1.1.1.1 dport
    500 sport 500 Global (I) MM_KEY_EXCH
    *Mar 1 06:30:23.284: ISAKMP (0:1): phase 1 packet is a duplicate of a
    previous packet.
    *Mar 1 06:30:23.284: ISAKMP (0:1): retransmission skipped for phase 1
    (time since last transmission 8)
    bbeameliarouter#
    *Mar 1 06:30:32.876: ISAKMP: received ke message (1/1)
    *Mar 1 06:30:32.876: ISAKMP: set new node 0 to QM_IDLE
    *Mar 1 06:30:32.876: ISAKMP (0:1): SA is still budding. Attached new
    ipsec request to it. (local 2.2.2.2, remote 1.1.1.1)
    bbeameliarouter#
    *Mar 1 06:30:43.293: ISAKMP (0:1): received packet from 1.1.1.1 dport
    500 sport 500 Global (I) MM_KEY_EXCH
    *Mar 1 06:30:43.293: ISAKMP (0:1): phase 1 packet is a duplicate of a
    previous packet.
    *Mar 1 06:30:43.293: ISAKMP (0:1): retransmitting due to retransmit
    phase 1
    *Mar 1 06:30:43.293: ISAKMP (0:1): retransmitting phase 1
    MM_KEY_EXCH...
    *Mar 1 06:30:43.794: ISAKMP (0:1): retransmitting phase 1
    MM_KEY_EXCH...
    *Mar 1 06:30:43.794: ISAKMP (0:1): incrementing error counter on sa:
    retransmit phase 1
    *Mar 1 06:30:43.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    bbeameliarouter#
    *Mar 1 06:30:43.794: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
    500 peer_port 500 (I) MM_KEY_EXCH
    bbeameliarouter#
    *Mar 1 06:30:53.794: ISAKMP (0:1): retransmitting phase 1
    MM_KEY_EXCH...
    *Mar 1 06:30:53.794: ISAKMP (0:1): incrementing error counter on sa:
    retransmit phase 1
    *Mar 1 06:30:53.794: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
    *Mar 1 06:30:53.794: ISAKMP (0:1): sending packet to 1.1.1.1 my_port
    500 peer_port 500 (I) MM_KEY_EXCH
    bbeameliarouter#
    *Mar 1 06:31:02.809: ISAKMP (0:1): received packet from 1.1.1.1 dport
    500 sport 500 Global (I) MM_KEY_EXCH
    *Mar 1 06:31:02.809: ISAKMP (0:1): phase 1 packet is a duplicate of a
    previous packet.
    *Mar 1 06:31:02.809: ISAKMP (0:1): retransmitting due to retransmit
    phase 1
    *Mar 1 06:31:02.809: ISAKMP (0:1): retransmitting phase 1
    MM_KEY_EXCH...
    *Mar 1 06:31:02.877: ISAKMP: received ke message (3/1)
    *Mar 1 06:31:02.877: ISAKMP (0:1): peer does not do paranoid
    keepalives.

    *Mar 1 06:31:02.877: ISAKMP (0:1): deleting SA reason
    "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_KEY_EXCH (peer
    1.1.1.1) input queue 0
    bbeameliarouter#
    *Mar 1 06:31:02.877: ISAKMP (0:1): deleting SA reason
    "gen_ipsec_isakmp_delete but doi isakmp" state (I) MM_KEY_EXCH (peer
    1.1.1.1) input queue 0
    *Mar 1 06:31:02.877: ISAKMP (0:1): deleting node -1933861384 error TRUE
    reason "gen_ipsec_isakmp_delete but doi isakmp"
    *Mar 1 06:31:02.877: ISAKMP (0:1): deleting node 1271049171 error TRUE
    reason "gen_ipsec_isakmp_delete but doi isakmp"
    *Mar 1 06:31:02.877: ISAKMP (0:1): Input = IKE_MESG_INTERNAL,
    IKE_PHASE1_DEL
    *Mar 1 06:31:02.877: ISAKMP (0:1): Old State = IKE_I_MM5 New State =
    IKE_DEST_SA

    bbeameliarouter#
    *Mar 1 06:31:22.818: ISAKMP (0:1): received packet from 1.1.1.1 dport
    500 sport 500 Global (I) MM_NO_STATE

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Nick Twaddell: "Ipfw config"