[vpn-help] Connection Complete after a few minutes (to Netscreen 208)

ga38257@ja2 ga38257 at ja2.so-net.ne.jp
Wed Apr 21 10:17:56 CDT 2010


Hi, I use shrew soft vpn client Ver2.1.5. I am using a Netscreen

208.When I use Shrew soft VPN Client to connect Netscreen 208, almost
every time, it takes a few minitues to connect netscreen 208. On the
Connection window, Network tab , I see for exapample Security
Associations Established = 4 , Expired = 4, and IF i wait a few minutes
, at last , conection complete, Successful Conection. Ping to my Office
Server Enable.
I don't want a few minutse until conection complete. I want Quick
Connction. So, What would I do?

Below is a log, and config file. Please Help me.

Thank you

10/04/13 23:57:07 ## : IKE Daemon, ver 2.1.5
10/04/13 23:57:07 ## : Copyright 2009 Shrew Soft Inc.
10/04/13 23:57:07 ## : This product linked OpenSSL 0.9.8h 28 May 2008
10/04/13 23:57:07 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
10/04/13 23:57:07 ii : rebuilding vnet device list ...
10/04/13 23:57:07 ii : device ROOT\VNET\0000 disabled
10/04/13 23:57:07 ii : network process thread begin ...
10/04/13 23:57:07 ii : pfkey process thread begin ...
10/04/13 23:57:07 ii : ipc server process thread begin ...
10/04/13 23:57:08 ii : ipc client process thread begin ...
10/04/13 23:57:08 <A : peer config add message
10/04/13 23:57:08 DB : peer added ( obj count = 1 )
10/04/13 23:57:08 ii : local address 10.1.1.100 selected for peer
10/04/13 23:57:08 DB : tunnel added ( obj count = 1 )
10/04/13 23:57:08 <A : proposal config message
10/04/13 23:57:08 <A : proposal config message
10/04/13 23:57:08 <A : client config message
10/04/13 23:57:08 <A : xauth username message
10/04/13 23:57:08 <A : xauth password message
10/04/13 23:57:08 <A : local id 'PC001 at yxzyxz' message
10/04/13 23:57:08 <A : preshared key message
10/04/13 23:57:08 <A : remote resource message
10/04/13 23:57:08 <A : peer tunnel enable message
10/04/13 23:57:08 DB : new phase1 ( ISAKMP initiator )
10/04/13 23:57:08 DB : exchange type is aggressive
10/04/13 23:57:08 DB : 10.1.1.100:500 <-> 200.200.200.200:500
10/04/13 23:57:08 DB : c0610788fefff431:0000000000000000
10/04/13 23:57:08 DB : phase1 added ( obj count = 1 )
10/04/13 23:57:08 >> : security association payload
10/04/13 23:57:08 >> : - proposal #1 payload
10/04/13 23:57:08 >> : -- transform #1 payload
10/04/13 23:57:08 >> : key exchange payload
10/04/13 23:57:08 >> : nonce payload
10/04/13 23:57:08 >> : identification payload
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports XAUTH
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports nat-t ( draft v00 )
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports nat-t ( draft v01 )
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports nat-t ( draft v02 )
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports nat-t ( draft v03 )
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports nat-t ( rfc )
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports FRAGMENTATION
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local supports DPDv1
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local is SHREW SOFT compatible
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local is NETSCREEN compatible
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local is SIDEWINDER compatible
10/04/13 23:57:08 >> : vendor id payload
10/04/13 23:57:08 ii : local is CISCO UNITY compatible
10/04/13 23:57:08 >= : cookies c0610788fefff431:0000000000000000
10/04/13 23:57:08 >= : message 00000000
10/04/13 23:57:08 -> : send IKE packet 10.1.1.100:500 ->
200.200.200.200:500 ( 530 bytes )
10/04/13 23:57:08 DB : phase1 resend event scheduled ( ref count = 2 )
10/04/13 23:57:09 <- : recv IKE packet 200.200.200.200:500 ->
10.1.1.100:500 ( 428 bytes )
10/04/13 23:57:09 DB : phase1 found
10/04/13 23:57:09 ii : processing phase1 packet ( 428 bytes )
10/04/13 23:57:09 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 =< : message 00000000
10/04/13 23:57:09 << : security association payload
10/04/13 23:57:09 << : - propsal #1 payload
10/04/13 23:57:09 << : -- transform #1 payload
10/04/13 23:57:09 ii : matched isakmp proposal #1 transform #1
10/04/13 23:57:09 ii : - transform = ike
10/04/13 23:57:09 ii : - cipher type = 3des
10/04/13 23:57:09 ii : - key length = default
10/04/13 23:57:09 ii : - hash type = sha1
10/04/13 23:57:09 ii : - dh group = modp-1024
10/04/13 23:57:09 ii : - auth type = xauth-initiator-psk
10/04/13 23:57:09 ii : - life seconds = 28800
10/04/13 23:57:09 ii : - life kbytes = 0
10/04/13 23:57:09 << : vendor id payload
10/04/13 23:57:09 ii : unknown vendor id ( 28 bytes )
10/04/13 23:57:09 0x : 166f931d 55eb64d8 e4df4fd3 7e2313f0 d0fd8451
00000000 00000000
10/04/13 23:57:09 << : vendor id payload
10/04/13 23:57:09 ii : peer supports XAUTH
10/04/13 23:57:09 << : vendor id payload
10/04/13 23:57:09 ii : peer supports DPDv1
10/04/13 23:57:09 << : vendor id payload
10/04/13 23:57:09 ii : peer supports HEARTBEAT-NOTIFY
10/04/13 23:57:09 << : key exchange payload
10/04/13 23:57:09 << : nonce payload
10/04/13 23:57:09 << : identification payload
10/04/13 23:57:09 ii : phase1 id target is any
10/04/13 23:57:09 ii : phase1 id match
10/04/13 23:57:09 ii : received = ipv4-host 200.200.200.200
10/04/13 23:57:09 << : hash payload
10/04/13 23:57:09 << : vendor id payload
10/04/13 23:57:09 ii : peer supports nat-t ( draft v02 )
10/04/13 23:57:09 << : nat discovery payload
10/04/13 23:57:09 << : nat discovery payload
10/04/13 23:57:09 ii : nat discovery - local address is translated
10/04/13 23:57:09 ii : switching to src nat-t udp port 4500
10/04/13 23:57:09 ii : switching to dst nat-t udp port 4500
10/04/13 23:57:09 == : DH shared secret ( 128 bytes )
10/04/13 23:57:09 == : SETKEYID ( 20 bytes )
10/04/13 23:57:09 == : SETKEYID_d ( 20 bytes )
10/04/13 23:57:09 == : SETKEYID_a ( 20 bytes )
10/04/13 23:57:09 == : SETKEYID_e ( 20 bytes )
10/04/13 23:57:09 == : cipher key ( 40 bytes )
10/04/13 23:57:09 == : cipher iv ( 8 bytes )
10/04/13 23:57:09 == : phase1 hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:09 >> : hash payload
10/04/13 23:57:09 >> : nat discovery payload
10/04/13 23:57:09 >> : nat discovery payload
10/04/13 23:57:09 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 >= : message 00000000
10/04/13 23:57:09 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:09 == : encrypt packet ( 100 bytes )
10/04/13 23:57:09 == : stored iv ( 8 bytes )
10/04/13 23:57:09 DB : phase1 resend event canceled ( ref count = 1 )
10/04/13 23:57:09 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 132 bytes )
10/04/13 23:57:09 == : phase1 hash_r ( computed ) ( 20 bytes )
10/04/13 23:57:09 == : phase1 hash_r ( received ) ( 20 bytes )
10/04/13 23:57:09 ii : phase1 sa established
10/04/13 23:57:09 ii : 200.200.200.200:4500 <-> 10.1.1.100:4500
10/04/13 23:57:09 ii : c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 ii : sending peer INITIAL-CONTACT notification
10/04/13 23:57:09 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:57:09 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 ii : - data size 0
10/04/13 23:57:09 >> : hash payload
10/04/13 23:57:09 >> : notification payload
10/04/13 23:57:09 == : new informational hash ( 20 bytes )
10/04/13 23:57:09 == : new informational iv ( 8 bytes )
10/04/13 23:57:09 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 >= : message dba5e483
10/04/13 23:57:09 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:09 == : encrypt packet ( 80 bytes )
10/04/13 23:57:09 == : stored iv ( 8 bytes )
10/04/13 23:57:09 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:57:09 DB : phase2 not found
10/04/13 23:57:09 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:09 DB : phase1 found
10/04/13 23:57:09 ii : processing config packet ( 76 bytes )
10/04/13 23:57:09 DB : config not found
10/04/13 23:57:09 DB : config added ( obj count = 1 )
10/04/13 23:57:09 == : new config iv ( 8 bytes )
10/04/13 23:57:09 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 =< : message f22a3ea7
10/04/13 23:57:09 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:09 == : decrypt packet ( 76 bytes )
10/04/13 23:57:09 <= : trimmed packet padding ( 4 bytes )
10/04/13 23:57:09 <= : stored iv ( 8 bytes )
10/04/13 23:57:09 << : hash payload
10/04/13 23:57:09 << : attribute payload
10/04/13 23:57:09 == : configure hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:09 == : configure hash_c ( computed ) ( 20 bytes )
10/04/13 23:57:09 ii : configure hash verified
10/04/13 23:57:09 ii : - xauth authentication type
10/04/13 23:57:09 ii : - xauth username
10/04/13 23:57:09 ii : - xauth password
10/04/13 23:57:09 ii : received basic xauth request -
10/04/13 23:57:09 ii : - standard xauth username
10/04/13 23:57:09 ii : - standard xauth password
10/04/13 23:57:09 ii : sending xauth response for 1123
10/04/13 23:57:09 >> : hash payload
10/04/13 23:57:09 >> : attribute payload
10/04/13 23:57:09 == : new configure hash ( 20 bytes )
10/04/13 23:57:09 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 >= : message f22a3ea7
10/04/13 23:57:09 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:09 == : encrypt packet ( 84 bytes )
10/04/13 23:57:09 == : stored iv ( 8 bytes )
10/04/13 23:57:09 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:57:09 DB : config resend event scheduled ( ref count = 2 )
10/04/13 23:57:09 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 116 bytes )
10/04/13 23:57:09 DB : phase1 found
10/04/13 23:57:09 ii : processing config packet ( 116 bytes )
10/04/13 23:57:09 DB : config found
10/04/13 23:57:09 == : new config iv ( 8 bytes )
10/04/13 23:57:09 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 =< : message 90ae440f
10/04/13 23:57:09 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:09 == : decrypt packet ( 116 bytes )
10/04/13 23:57:09 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:57:09 <= : stored iv ( 8 bytes )
10/04/13 23:57:09 << : hash payload
10/04/13 23:57:09 << : attribute payload
10/04/13 23:57:09 == : configure hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:09 == : configure hash_c ( computed ) ( 20 bytes )
10/04/13 23:57:09 ii : configure hash verified
10/04/13 23:57:09 ii : received config push request
10/04/13 23:57:09 ii : - IP4 Address = 172.16.19.9
10/04/13 23:57:09 ii : - IP4 Netmask = 255.255.255.255
10/04/13 23:57:09 ii : - IP4 DNS Server = 172.16.226.4
10/04/13 23:57:09 ii : - IP4 DNS Server = 172.16.226.5
10/04/13 23:57:09 ii : - IP4 WINS Server = 172.16.226.4
10/04/13 23:57:09 ii : - IP4 WINS Server = 172.16.226.5
10/04/13 23:57:09 ii : building config attribute list
10/04/13 23:57:09 ii : - IP4 Address
10/04/13 23:57:09 ii : - Address Expiry
10/04/13 23:57:09 ii : - IP4 Netamask
10/04/13 23:57:09 ii : - IP4 DNS Server
10/04/13 23:57:09 ii : - IP4 WINS Server
10/04/13 23:57:09 ii : sending config push acknowledge
10/04/13 23:57:09 >> : hash payload
10/04/13 23:57:09 >> : attribute payload
10/04/13 23:57:09 == : new configure hash ( 20 bytes )
10/04/13 23:57:09 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 >= : message 90ae440f
10/04/13 23:57:09 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:09 == : encrypt packet ( 80 bytes )
10/04/13 23:57:09 == : stored iv ( 8 bytes )
10/04/13 23:57:09 DB : config resend event canceled ( ref count = 1 )
10/04/13 23:57:09 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:57:09 DB : config resend event scheduled ( ref count = 2 )
10/04/13 23:57:09 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 68 bytes )
10/04/13 23:57:09 DB : phase1 found
10/04/13 23:57:09 ii : processing config packet ( 68 bytes )
10/04/13 23:57:09 DB : config found
10/04/13 23:57:09 == : new config iv ( 8 bytes )
10/04/13 23:57:09 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 =< : message 086992bf
10/04/13 23:57:09 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:09 == : decrypt packet ( 68 bytes )
10/04/13 23:57:09 <= : trimmed packet padding ( 4 bytes )
10/04/13 23:57:09 <= : stored iv ( 8 bytes )
10/04/13 23:57:09 << : hash payload
10/04/13 23:57:09 << : attribute payload
10/04/13 23:57:09 == : configure hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:09 == : configure hash_c ( computed ) ( 20 bytes )
10/04/13 23:57:09 ii : configure hash verified
10/04/13 23:57:09 ii : received xauth result -
10/04/13 23:57:09 ii : user 1123 authentication succeeded
10/04/13 23:57:09 ii : sending xauth acknowledge
10/04/13 23:57:09 >> : hash payload
10/04/13 23:57:09 >> : attribute payload
10/04/13 23:57:09 == : new configure hash ( 20 bytes )
10/04/13 23:57:09 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:09 >= : message 086992bf
10/04/13 23:57:09 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:09 == : encrypt packet ( 60 bytes )
10/04/13 23:57:09 == : stored iv ( 8 bytes )
10/04/13 23:57:09 DB : config resend event canceled ( ref count = 1 )
10/04/13 23:57:09 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 92 bytes )
10/04/13 23:57:09 DB : config resend event scheduled ( ref count = 2 )
10/04/13 23:57:09 DB : config resend event canceled ( ref count = 1 )
10/04/13 23:57:10 ii : VNET adapter MTU is 1500
10/04/13 23:57:10 ii : enabled adapter ROOT\VNET\0000
10/04/13 23:57:10 ii : creating IPSEC INBOUND policy ANY:172.16.0.0/12:*
-> ANY:172.16.19.9:*
10/04/13 23:57:10 DB : policy added ( obj count = 1 )
10/04/13 23:57:10 K> : send pfkey X_SPDADD UNSPEC message
10/04/13 23:57:10 ii : creating IPSEC OUTBOUND policy ANY:172.16.19.9:*
-> ANY:172.16.0.0/12:*
10/04/13 23:57:10 K< : recv pfkey X_SPDADD UNSPEC message
10/04/13 23:57:10 DB : policy found
10/04/13 23:57:11 ii : created IPSEC policy route for 172.16.0.0/12
10/04/13 23:57:11 DB : policy added ( obj count = 2 )
10/04/13 23:57:11 K> : send pfkey X_SPDADD UNSPEC message
10/04/13 23:57:11 ii : split DNS is disabled
10/04/13 23:57:11 K< : recv pfkey X_SPDADD UNSPEC message
10/04/13 23:57:11 DB : policy found
10/04/13 23:57:12 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:57:12 DB : policy found
10/04/13 23:57:12 DB : policy found
10/04/13 23:57:12 DB : tunnel found
10/04/13 23:57:12 DB : new phase2 ( IPSEC initiator )
10/04/13 23:57:12 DB : phase2 added ( obj count = 1 )
10/04/13 23:57:12 K> : send pfkey GETSPI ESP message
10/04/13 23:57:12 K< : recv pfkey GETSPI ESP message
10/04/13 23:57:12 DB : phase2 found
10/04/13 23:57:12 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:57:12 DB : phase1 found
10/04/13 23:57:12 >> : hash payload
10/04/13 23:57:12 >> : security association payload
10/04/13 23:57:12 >> : - proposal #1 payload
10/04/13 23:57:12 >> : -- transform #1 payload
10/04/13 23:57:12 >> : nonce payload
10/04/13 23:57:12 >> : key exchange payload
10/04/13 23:57:12 >> : identification payload
10/04/13 23:57:12 >> : identification payload
10/04/13 23:57:12 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:57:12 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:12 == : new phase2 iv ( 8 bytes )
10/04/13 23:57:12 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:12 >= : message 34a744e4
10/04/13 23:57:12 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:12 == : encrypt packet ( 292 bytes )
10/04/13 23:57:12 == : stored iv ( 8 bytes )
10/04/13 23:57:12 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:57:12 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:57:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:57:12 DB : phase1 found
10/04/13 23:57:12 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:57:12 DB : phase2 found
10/04/13 23:57:12 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:12 =< : message 34a744e4
10/04/13 23:57:12 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:12 == : decrypt packet ( 300 bytes )
10/04/13 23:57:12 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:57:12 <= : stored iv ( 8 bytes )
10/04/13 23:57:12 << : hash payload
10/04/13 23:57:12 << : security association payload
10/04/13 23:57:12 << : - propsal #1 payload
10/04/13 23:57:12 << : -- transform #1 payload
10/04/13 23:57:12 << : nonce payload
10/04/13 23:57:12 << : key exchange payload
10/04/13 23:57:12 << : identification payload
10/04/13 23:57:12 << : identification payload
10/04/13 23:57:12 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:57:12 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:57:12 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:57:12 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:57:12 ii : - transform = esp-3des
10/04/13 23:57:12 ii : - key length = default
10/04/13 23:57:12 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:57:12 ii : - msg auth = hmac-sha
10/04/13 23:57:12 ii : - pfs dh group = modp-1024
10/04/13 23:57:12 ii : - life seconds = 3600
10/04/13 23:57:12 ii : - life kbytes = 0
10/04/13 23:57:12 DB : policy found
10/04/13 23:57:12 K> : send pfkey GETSPI ESP message
10/04/13 23:57:12 ii : phase2 ids accepted
10/04/13 23:57:12 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:57:12 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:57:12 ii : phase2 sa established
10/04/13 23:57:12 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:57:12 K< : recv pfkey GETSPI ESP message
10/04/13 23:57:12 DB : phase2 found
10/04/13 23:57:12 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:57:12 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:57:12 >> : hash payload
10/04/13 23:57:12 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:12 >= : message 34a744e4
10/04/13 23:57:12 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:12 == : encrypt packet ( 52 bytes )
10/04/13 23:57:12 == : stored iv ( 8 bytes )
10/04/13 23:57:12 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:57:12 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:57:12 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:57:12 == : spi cipher key data ( 24 bytes )
10/04/13 23:57:12 == : spi hmac key data ( 20 bytes )
10/04/13 23:57:12 K> : send pfkey UPDATE ESP message
10/04/13 23:57:12 == : spi cipher key data ( 24 bytes )
10/04/13 23:57:12 == : spi hmac key data ( 20 bytes )
10/04/13 23:57:12 K> : send pfkey UPDATE ESP message
10/04/13 23:57:12 K< : recv pfkey UPDATE ESP message
10/04/13 23:57:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:12 DB : phase1 found
10/04/13 23:57:12 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:12 DB : phase2 found
10/04/13 23:57:12 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:12 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:12 DB : phase1 found
10/04/13 23:57:12 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:12 DB : phase2 found
10/04/13 23:57:12 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:12 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:12 DB : phase1 found
10/04/13 23:57:12 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:12 DB : phase2 found
10/04/13 23:57:12 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:12 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:12 K< : recv pfkey UPDATE ESP message
10/04/13 23:57:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:12 DB : phase1 found
10/04/13 23:57:12 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:12 DB : phase2 found
10/04/13 23:57:12 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:12 ii : resend limit exceeded for phase2 exchange
10/04/13 23:57:12 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:57:12 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:57:12 DB : phase1 found
10/04/13 23:57:12 ii : sending peer DELETE message
10/04/13 23:57:12 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:57:12 ii : - ipsec-esp spi = 0x941551f9
10/04/13 23:57:12 ii : - data size 0
10/04/13 23:57:12 >> : hash payload
10/04/13 23:57:12 >> : delete payload
10/04/13 23:57:12 == : new informational hash ( 20 bytes )
10/04/13 23:57:12 == : new informational iv ( 8 bytes )
10/04/13 23:57:12 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:12 >= : message 71b8abc4
10/04/13 23:57:12 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:12 == : encrypt packet ( 68 bytes )
10/04/13 23:57:12 == : stored iv ( 8 bytes )
10/04/13 23:57:12 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:57:12 K> : send pfkey DELETE ESP message
10/04/13 23:57:12 K> : send pfkey DELETE ESP message
10/04/13 23:57:12 ii : phase2 removal before expire time
10/04/13 23:57:12 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:57:12 K< : recv pfkey DELETE ESP message
10/04/13 23:57:12 K< : recv pfkey DELETE ESP message
10/04/13 23:57:14 DB : phase1 found
10/04/13 23:57:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:19 DB : phase1 found
10/04/13 23:57:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:24 DB : phase1 found
10/04/13 23:57:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:24 DB : phase1 found
10/04/13 23:57:24 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:57:24 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:57:24 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:24 ii : - data size 4
10/04/13 23:57:24 >> : hash payload
10/04/13 23:57:24 >> : notification payload
10/04/13 23:57:24 == : new informational hash ( 20 bytes )
10/04/13 23:57:24 == : new informational iv ( 8 bytes )
10/04/13 23:57:24 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:24 >= : message 0a889b6f
10/04/13 23:57:24 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:24 == : encrypt packet ( 84 bytes )
10/04/13 23:57:24 == : stored iv ( 8 bytes )
10/04/13 23:57:24 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:57:24 ii : DPD ARE-YOU-THERE sequence 3188184a requested
10/04/13 23:57:24 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:57:24 DB : phase1 found
10/04/13 23:57:24 ii : processing informational packet ( 92 bytes )
10/04/13 23:57:24 == : new informational iv ( 8 bytes )
10/04/13 23:57:24 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:24 =< : message 50143698
10/04/13 23:57:24 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:24 == : decrypt packet ( 92 bytes )
10/04/13 23:57:24 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:57:24 <= : stored iv ( 8 bytes )
10/04/13 23:57:24 << : hash payload
10/04/13 23:57:24 << : notification payload
10/04/13 23:57:24 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:24 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:57:24 ii : informational hash verified
10/04/13 23:57:24 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:57:24 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:57:24 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:24 ii : - data size 4
10/04/13 23:57:24 ii : DPD ARE-YOU-THERE-ACK sequence 3188184a accepted
10/04/13 23:57:24 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:57:28 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:57:28 DB : policy found
10/04/13 23:57:28 DB : policy found
10/04/13 23:57:28 DB : tunnel found
10/04/13 23:57:28 DB : new phase2 ( IPSEC initiator )
10/04/13 23:57:28 DB : phase2 added ( obj count = 1 )
10/04/13 23:57:28 K> : send pfkey GETSPI ESP message
10/04/13 23:57:28 K< : recv pfkey GETSPI ESP message
10/04/13 23:57:28 DB : phase2 found
10/04/13 23:57:28 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:57:28 DB : phase1 found
10/04/13 23:57:28 >> : hash payload
10/04/13 23:57:28 >> : security association payload
10/04/13 23:57:28 >> : - proposal #1 payload
10/04/13 23:57:28 >> : -- transform #1 payload
10/04/13 23:57:28 >> : nonce payload
10/04/13 23:57:28 >> : key exchange payload
10/04/13 23:57:28 >> : identification payload
10/04/13 23:57:28 >> : identification payload
10/04/13 23:57:28 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:57:28 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:28 == : new phase2 iv ( 8 bytes )
10/04/13 23:57:28 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:28 >= : message 4ce9d55e
10/04/13 23:57:28 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:28 == : encrypt packet ( 292 bytes )
10/04/13 23:57:28 == : stored iv ( 8 bytes )
10/04/13 23:57:28 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:57:28 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:57:28 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:57:28 DB : phase1 found
10/04/13 23:57:28 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:57:28 DB : phase2 found
10/04/13 23:57:28 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:28 =< : message 4ce9d55e
10/04/13 23:57:28 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:28 == : decrypt packet ( 300 bytes )
10/04/13 23:57:28 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:57:28 <= : stored iv ( 8 bytes )
10/04/13 23:57:28 << : hash payload
10/04/13 23:57:28 << : security association payload
10/04/13 23:57:28 << : - propsal #1 payload
10/04/13 23:57:28 << : -- transform #1 payload
10/04/13 23:57:28 << : nonce payload
10/04/13 23:57:28 << : key exchange payload
10/04/13 23:57:28 << : identification payload
10/04/13 23:57:28 << : identification payload
10/04/13 23:57:28 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:57:28 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:57:28 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:57:28 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:57:28 ii : - transform = esp-3des
10/04/13 23:57:28 ii : - key length = default
10/04/13 23:57:28 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:57:28 ii : - msg auth = hmac-sha
10/04/13 23:57:28 ii : - pfs dh group = modp-1024
10/04/13 23:57:28 ii : - life seconds = 3600
10/04/13 23:57:28 ii : - life kbytes = 0
10/04/13 23:57:28 DB : policy found
10/04/13 23:57:28 K> : send pfkey GETSPI ESP message
10/04/13 23:57:28 ii : phase2 ids accepted
10/04/13 23:57:28 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:57:28 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:57:28 K< : recv pfkey GETSPI ESP message
10/04/13 23:57:28 DB : phase2 found
10/04/13 23:57:28 ii : phase2 sa established
10/04/13 23:57:28 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:57:28 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:57:28 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:57:28 >> : hash payload
10/04/13 23:57:28 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:28 >= : message 4ce9d55e
10/04/13 23:57:28 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:28 == : encrypt packet ( 52 bytes )
10/04/13 23:57:28 == : stored iv ( 8 bytes )
10/04/13 23:57:28 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:57:28 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:57:28 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:57:28 == : spi cipher key data ( 24 bytes )
10/04/13 23:57:28 == : spi hmac key data ( 20 bytes )
10/04/13 23:57:28 K> : send pfkey UPDATE ESP message
10/04/13 23:57:28 == : spi cipher key data ( 24 bytes )
10/04/13 23:57:28 == : spi hmac key data ( 20 bytes )
10/04/13 23:57:28 K> : send pfkey UPDATE ESP message
10/04/13 23:57:28 K< : recv pfkey UPDATE ESP message
10/04/13 23:57:28 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:28 DB : phase1 found
10/04/13 23:57:28 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:28 DB : phase2 found
10/04/13 23:57:28 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:28 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:28 K< : recv pfkey UPDATE ESP message
10/04/13 23:57:28 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:28 DB : phase1 found
10/04/13 23:57:28 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:28 DB : phase2 found
10/04/13 23:57:28 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:28 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:28 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:28 DB : phase1 found
10/04/13 23:57:28 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:28 DB : phase2 found
10/04/13 23:57:28 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:28 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:28 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:28 DB : phase1 found
10/04/13 23:57:28 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:28 DB : phase2 found
10/04/13 23:57:28 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:28 ii : resend limit exceeded for phase2 exchange
10/04/13 23:57:28 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:57:28 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:57:28 DB : phase1 found
10/04/13 23:57:28 ii : sending peer DELETE message
10/04/13 23:57:28 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:57:28 ii : - ipsec-esp spi = 0xd9e0744c
10/04/13 23:57:28 ii : - data size 0
10/04/13 23:57:28 >> : hash payload
10/04/13 23:57:28 >> : delete payload
10/04/13 23:57:28 == : new informational hash ( 20 bytes )
10/04/13 23:57:28 == : new informational iv ( 8 bytes )
10/04/13 23:57:28 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:28 >= : message 7cd69a72
10/04/13 23:57:28 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:28 == : encrypt packet ( 68 bytes )
10/04/13 23:57:28 == : stored iv ( 8 bytes )
10/04/13 23:57:28 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:57:28 K> : send pfkey DELETE ESP message
10/04/13 23:57:28 K> : send pfkey DELETE ESP message
10/04/13 23:57:28 ii : phase2 removal before expire time
10/04/13 23:57:28 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:57:28 K< : recv pfkey DELETE ESP message
10/04/13 23:57:29 K< : recv pfkey DELETE ESP message
10/04/13 23:57:29 DB : phase1 found
10/04/13 23:57:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:34 DB : phase1 found
10/04/13 23:57:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:39 DB : phase1 found
10/04/13 23:57:39 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:39 DB : phase1 found
10/04/13 23:57:39 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:57:39 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:57:39 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:39 ii : - data size 4
10/04/13 23:57:39 >> : hash payload
10/04/13 23:57:39 >> : notification payload
10/04/13 23:57:39 == : new informational hash ( 20 bytes )
10/04/13 23:57:39 == : new informational iv ( 8 bytes )
10/04/13 23:57:39 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:39 >= : message 87db9874
10/04/13 23:57:39 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:39 == : encrypt packet ( 84 bytes )
10/04/13 23:57:39 == : stored iv ( 8 bytes )
10/04/13 23:57:39 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:57:39 ii : DPD ARE-YOU-THERE sequence 3188184b requested
10/04/13 23:57:39 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:57:39 DB : phase1 found
10/04/13 23:57:39 ii : processing informational packet ( 92 bytes )
10/04/13 23:57:39 == : new informational iv ( 8 bytes )
10/04/13 23:57:39 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:39 =< : message b7c09e97
10/04/13 23:57:39 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:39 == : decrypt packet ( 92 bytes )
10/04/13 23:57:39 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:57:39 <= : stored iv ( 8 bytes )
10/04/13 23:57:39 << : hash payload
10/04/13 23:57:39 << : notification payload
10/04/13 23:57:39 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:39 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:57:39 ii : informational hash verified
10/04/13 23:57:39 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:57:39 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:57:39 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:39 ii : - data size 4
10/04/13 23:57:39 ii : DPD ARE-YOU-THERE-ACK sequence 3188184b accepted
10/04/13 23:57:39 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:44 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:57:44 DB : policy found
10/04/13 23:57:44 DB : policy found
10/04/13 23:57:44 DB : tunnel found
10/04/13 23:57:44 DB : new phase2 ( IPSEC initiator )
10/04/13 23:57:44 DB : phase2 added ( obj count = 1 )
10/04/13 23:57:44 K> : send pfkey GETSPI ESP message
10/04/13 23:57:44 K< : recv pfkey GETSPI ESP message
10/04/13 23:57:44 DB : phase2 found
10/04/13 23:57:44 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 >> : hash payload
10/04/13 23:57:44 >> : security association payload
10/04/13 23:57:44 >> : - proposal #1 payload
10/04/13 23:57:44 >> : -- transform #1 payload
10/04/13 23:57:44 >> : nonce payload
10/04/13 23:57:44 >> : key exchange payload
10/04/13 23:57:44 >> : identification payload
10/04/13 23:57:44 >> : identification payload
10/04/13 23:57:44 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:57:44 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:44 == : new phase2 iv ( 8 bytes )
10/04/13 23:57:44 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:44 >= : message 53ec7136
10/04/13 23:57:44 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:44 == : encrypt packet ( 292 bytes )
10/04/13 23:57:44 == : stored iv ( 8 bytes )
10/04/13 23:57:44 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:57:44 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:57:44 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:57:44 DB : phase2 found
10/04/13 23:57:44 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:44 =< : message 53ec7136
10/04/13 23:57:44 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:44 == : decrypt packet ( 300 bytes )
10/04/13 23:57:44 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:57:44 <= : stored iv ( 8 bytes )
10/04/13 23:57:44 << : hash payload
10/04/13 23:57:44 << : security association payload
10/04/13 23:57:44 << : - propsal #1 payload
10/04/13 23:57:44 << : -- transform #1 payload
10/04/13 23:57:44 << : nonce payload
10/04/13 23:57:44 << : key exchange payload
10/04/13 23:57:44 << : identification payload
10/04/13 23:57:44 << : identification payload
10/04/13 23:57:44 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:57:44 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:57:44 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:57:44 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:57:44 ii : - transform = esp-3des
10/04/13 23:57:44 ii : - key length = default
10/04/13 23:57:44 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:57:44 ii : - msg auth = hmac-sha
10/04/13 23:57:44 ii : - pfs dh group = modp-1024
10/04/13 23:57:44 ii : - life seconds = 3600
10/04/13 23:57:44 ii : - life kbytes = 0
10/04/13 23:57:44 DB : policy found
10/04/13 23:57:44 K> : send pfkey GETSPI ESP message
10/04/13 23:57:44 ii : phase2 ids accepted
10/04/13 23:57:44 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:57:44 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:57:44 ii : phase2 sa established
10/04/13 23:57:44 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:57:44 K< : recv pfkey GETSPI ESP message
10/04/13 23:57:44 DB : phase2 found
10/04/13 23:57:44 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:57:44 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:57:44 >> : hash payload
10/04/13 23:57:44 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:44 >= : message 53ec7136
10/04/13 23:57:44 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:44 == : encrypt packet ( 52 bytes )
10/04/13 23:57:44 == : stored iv ( 8 bytes )
10/04/13 23:57:44 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:57:44 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:57:44 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:57:44 == : spi cipher key data ( 24 bytes )
10/04/13 23:57:44 == : spi hmac key data ( 20 bytes )
10/04/13 23:57:44 K> : send pfkey UPDATE ESP message
10/04/13 23:57:44 == : spi cipher key data ( 24 bytes )
10/04/13 23:57:44 == : spi hmac key data ( 20 bytes )
10/04/13 23:57:44 K< : recv pfkey UPDATE ESP message
10/04/13 23:57:44 K> : send pfkey UPDATE ESP message
10/04/13 23:57:44 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:44 DB : phase2 found
10/04/13 23:57:44 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:44 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:44 K< : recv pfkey UPDATE ESP message
10/04/13 23:57:44 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:44 DB : phase2 found
10/04/13 23:57:44 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:44 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:44 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:44 DB : phase2 found
10/04/13 23:57:44 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:44 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:44 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:57:44 DB : phase2 found
10/04/13 23:57:44 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:57:44 ii : resend limit exceeded for phase2 exchange
10/04/13 23:57:44 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:57:44 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:57:44 DB : phase1 found
10/04/13 23:57:44 ii : sending peer DELETE message
10/04/13 23:57:44 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:57:44 ii : - ipsec-esp spi = 0xcd3b438c
10/04/13 23:57:44 ii : - data size 0
10/04/13 23:57:44 >> : hash payload
10/04/13 23:57:44 >> : delete payload
10/04/13 23:57:44 == : new informational hash ( 20 bytes )
10/04/13 23:57:44 == : new informational iv ( 8 bytes )
10/04/13 23:57:44 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:44 >= : message 9f58dca3
10/04/13 23:57:44 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:44 == : encrypt packet ( 68 bytes )
10/04/13 23:57:44 == : stored iv ( 8 bytes )
10/04/13 23:57:44 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:57:44 K> : send pfkey DELETE ESP message
10/04/13 23:57:44 K> : send pfkey DELETE ESP message
10/04/13 23:57:44 ii : phase2 removal before expire time
10/04/13 23:57:44 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:57:44 K< : recv pfkey DELETE ESP message
10/04/13 23:57:45 K< : recv pfkey DELETE ESP message
10/04/13 23:57:49 DB : phase1 found
10/04/13 23:57:49 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:54 DB : phase1 found
10/04/13 23:57:54 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:57:54 DB : phase1 found
10/04/13 23:57:54 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:57:54 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:57:54 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:54 ii : - data size 4
10/04/13 23:57:54 >> : hash payload
10/04/13 23:57:54 >> : notification payload
10/04/13 23:57:54 == : new informational hash ( 20 bytes )
10/04/13 23:57:54 == : new informational iv ( 8 bytes )
10/04/13 23:57:54 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:54 >= : message ae935c48
10/04/13 23:57:54 >= : encrypt iv ( 8 bytes )
10/04/13 23:57:54 == : encrypt packet ( 84 bytes )
10/04/13 23:57:54 == : stored iv ( 8 bytes )
10/04/13 23:57:54 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:57:54 ii : DPD ARE-YOU-THERE sequence 3188184c requested
10/04/13 23:57:54 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:57:54 DB : phase1 found
10/04/13 23:57:54 ii : processing informational packet ( 92 bytes )
10/04/13 23:57:54 == : new informational iv ( 8 bytes )
10/04/13 23:57:54 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:54 =< : message d42bad6f
10/04/13 23:57:54 =< : decrypt iv ( 8 bytes )
10/04/13 23:57:54 == : decrypt packet ( 92 bytes )
10/04/13 23:57:54 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:57:54 <= : stored iv ( 8 bytes )
10/04/13 23:57:54 << : hash payload
10/04/13 23:57:54 << : notification payload
10/04/13 23:57:54 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:57:54 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:57:54 ii : informational hash verified
10/04/13 23:57:54 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:57:54 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:57:54 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:57:54 ii : - data size 4
10/04/13 23:57:54 ii : DPD ARE-YOU-THERE-ACK sequence 3188184c accepted
10/04/13 23:57:54 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:57:59 DB : phase1 found
10/04/13 23:57:59 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:02 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:58:02 DB : policy found
10/04/13 23:58:02 DB : policy found
10/04/13 23:58:02 DB : tunnel found
10/04/13 23:58:02 DB : new phase2 ( IPSEC initiator )
10/04/13 23:58:02 DB : phase2 added ( obj count = 1 )
10/04/13 23:58:02 K> : send pfkey GETSPI ESP message
10/04/13 23:58:02 K< : recv pfkey GETSPI ESP message
10/04/13 23:58:02 DB : phase2 found
10/04/13 23:58:02 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:58:02 DB : phase1 found
10/04/13 23:58:02 >> : hash payload
10/04/13 23:58:02 >> : security association payload
10/04/13 23:58:02 >> : - proposal #1 payload
10/04/13 23:58:02 >> : -- transform #1 payload
10/04/13 23:58:02 >> : nonce payload
10/04/13 23:58:02 >> : key exchange payload
10/04/13 23:58:02 >> : identification payload
10/04/13 23:58:02 >> : identification payload
10/04/13 23:58:02 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:58:02 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:02 == : new phase2 iv ( 8 bytes )
10/04/13 23:58:02 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:02 >= : message 3db4f3c6
10/04/13 23:58:02 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:02 == : encrypt packet ( 292 bytes )
10/04/13 23:58:02 == : stored iv ( 8 bytes )
10/04/13 23:58:02 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:58:02 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:58:02 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:58:02 DB : phase1 found
10/04/13 23:58:02 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:58:02 DB : phase2 found
10/04/13 23:58:02 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:02 =< : message 3db4f3c6
10/04/13 23:58:02 =< : decrypt iv ( 8 bytes )
10/04/13 23:58:02 == : decrypt packet ( 300 bytes )
10/04/13 23:58:02 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:58:02 <= : stored iv ( 8 bytes )
10/04/13 23:58:02 << : hash payload
10/04/13 23:58:02 << : security association payload
10/04/13 23:58:02 << : - propsal #1 payload
10/04/13 23:58:02 << : -- transform #1 payload
10/04/13 23:58:02 << : nonce payload
10/04/13 23:58:02 << : key exchange payload
10/04/13 23:58:02 << : identification payload
10/04/13 23:58:02 << : identification payload
10/04/13 23:58:02 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:58:02 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:58:02 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:58:02 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:58:02 ii : - transform = esp-3des
10/04/13 23:58:02 ii : - key length = default
10/04/13 23:58:02 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:58:02 ii : - msg auth = hmac-sha
10/04/13 23:58:02 ii : - pfs dh group = modp-1024
10/04/13 23:58:02 ii : - life seconds = 3600
10/04/13 23:58:02 ii : - life kbytes = 0
10/04/13 23:58:02 DB : policy found
10/04/13 23:58:02 K> : send pfkey GETSPI ESP message
10/04/13 23:58:02 ii : phase2 ids accepted
10/04/13 23:58:02 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:58:02 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:58:02 K< : recv pfkey GETSPI ESP message
10/04/13 23:58:02 ii : phase2 sa established
10/04/13 23:58:02 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:58:02 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:58:02 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:58:02 DB : phase2 found
10/04/13 23:58:02 >> : hash payload
10/04/13 23:58:02 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:02 >= : message 3db4f3c6
10/04/13 23:58:02 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:02 == : encrypt packet ( 52 bytes )
10/04/13 23:58:02 == : stored iv ( 8 bytes )
10/04/13 23:58:02 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:58:02 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:58:03 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:58:03 == : spi cipher key data ( 24 bytes )
10/04/13 23:58:03 == : spi hmac key data ( 20 bytes )
10/04/13 23:58:03 K> : send pfkey UPDATE ESP message
10/04/13 23:58:03 == : spi cipher key data ( 24 bytes )
10/04/13 23:58:03 == : spi hmac key data ( 20 bytes )
10/04/13 23:58:03 K< : recv pfkey UPDATE ESP message
10/04/13 23:58:03 K> : send pfkey UPDATE ESP message
10/04/13 23:58:03 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:03 DB : phase1 found
10/04/13 23:58:03 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:03 DB : phase2 found
10/04/13 23:58:03 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:03 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:03 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:03 DB : phase1 found
10/04/13 23:58:03 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:03 DB : phase2 found
10/04/13 23:58:03 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:03 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:03 K< : recv pfkey UPDATE ESP message
10/04/13 23:58:03 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:03 DB : phase1 found
10/04/13 23:58:03 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:03 DB : phase2 found
10/04/13 23:58:03 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:03 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:03 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:03 DB : phase1 found
10/04/13 23:58:03 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:03 DB : phase2 found
10/04/13 23:58:03 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:03 ii : resend limit exceeded for phase2 exchange
10/04/13 23:58:03 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:58:03 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:58:03 DB : phase1 found
10/04/13 23:58:03 ii : sending peer DELETE message
10/04/13 23:58:03 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:58:03 ii : - ipsec-esp spi = 0x392e7996
10/04/13 23:58:03 ii : - data size 0
10/04/13 23:58:03 >> : hash payload
10/04/13 23:58:03 >> : delete payload
10/04/13 23:58:03 == : new informational hash ( 20 bytes )
10/04/13 23:58:03 == : new informational iv ( 8 bytes )
10/04/13 23:58:03 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:03 >= : message 3ad24ad3
10/04/13 23:58:03 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:03 == : encrypt packet ( 68 bytes )
10/04/13 23:58:03 == : stored iv ( 8 bytes )
10/04/13 23:58:03 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:58:03 K> : send pfkey DELETE ESP message
10/04/13 23:58:03 K> : send pfkey DELETE ESP message
10/04/13 23:58:03 ii : phase2 removal before expire time
10/04/13 23:58:03 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:58:03 K< : recv pfkey DELETE ESP message
10/04/13 23:58:03 K< : recv pfkey DELETE ESP message
10/04/13 23:58:04 DB : phase1 found
10/04/13 23:58:04 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:09 DB : phase1 found
10/04/13 23:58:09 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:09 DB : phase1 found
10/04/13 23:58:09 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:58:09 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:58:09 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:09 ii : - data size 4
10/04/13 23:58:09 >> : hash payload
10/04/13 23:58:09 >> : notification payload
10/04/13 23:58:09 == : new informational hash ( 20 bytes )
10/04/13 23:58:09 == : new informational iv ( 8 bytes )
10/04/13 23:58:09 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:09 >= : message 84f540a3
10/04/13 23:58:09 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:09 == : encrypt packet ( 84 bytes )
10/04/13 23:58:09 == : stored iv ( 8 bytes )
10/04/13 23:58:09 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:58:09 ii : DPD ARE-YOU-THERE sequence 3188184d requested
10/04/13 23:58:09 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:58:09 DB : phase1 found
10/04/13 23:58:09 ii : processing informational packet ( 92 bytes )
10/04/13 23:58:09 == : new informational iv ( 8 bytes )
10/04/13 23:58:09 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:09 =< : message fa339e94
10/04/13 23:58:09 =< : decrypt iv ( 8 bytes )
10/04/13 23:58:09 == : decrypt packet ( 92 bytes )
10/04/13 23:58:09 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:58:09 <= : stored iv ( 8 bytes )
10/04/13 23:58:09 << : hash payload
10/04/13 23:58:09 << : notification payload
10/04/13 23:58:09 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:09 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:58:09 ii : informational hash verified
10/04/13 23:58:09 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:58:09 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:58:09 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:09 ii : - data size 4
10/04/13 23:58:09 ii : DPD ARE-YOU-THERE-ACK sequence 3188184d accepted
10/04/13 23:58:09 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:58:14 DB : phase1 found
10/04/13 23:58:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:19 DB : phase1 found
10/04/13 23:58:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:20 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:58:20 DB : policy found
10/04/13 23:58:20 DB : policy found
10/04/13 23:58:20 DB : tunnel found
10/04/13 23:58:20 DB : new phase2 ( IPSEC initiator )
10/04/13 23:58:20 DB : phase2 added ( obj count = 1 )
10/04/13 23:58:20 K> : send pfkey GETSPI ESP message
10/04/13 23:58:20 K< : recv pfkey GETSPI ESP message
10/04/13 23:58:20 DB : phase2 found
10/04/13 23:58:20 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:58:20 DB : phase1 found
10/04/13 23:58:20 >> : hash payload
10/04/13 23:58:20 >> : security association payload
10/04/13 23:58:20 >> : - proposal #1 payload
10/04/13 23:58:20 >> : -- transform #1 payload
10/04/13 23:58:20 >> : nonce payload
10/04/13 23:58:20 >> : key exchange payload
10/04/13 23:58:20 >> : identification payload
10/04/13 23:58:20 >> : identification payload
10/04/13 23:58:20 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:58:20 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:20 == : new phase2 iv ( 8 bytes )
10/04/13 23:58:20 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:20 >= : message b760c457
10/04/13 23:58:20 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:20 == : encrypt packet ( 292 bytes )
10/04/13 23:58:20 == : stored iv ( 8 bytes )
10/04/13 23:58:20 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:58:20 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:58:20 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:58:20 DB : phase1 found
10/04/13 23:58:20 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:58:20 DB : phase2 found
10/04/13 23:58:20 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:20 =< : message b760c457
10/04/13 23:58:20 =< : decrypt iv ( 8 bytes )
10/04/13 23:58:20 == : decrypt packet ( 300 bytes )
10/04/13 23:58:20 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:58:20 <= : stored iv ( 8 bytes )
10/04/13 23:58:20 << : hash payload
10/04/13 23:58:20 << : security association payload
10/04/13 23:58:20 << : - propsal #1 payload
10/04/13 23:58:20 << : -- transform #1 payload
10/04/13 23:58:20 << : nonce payload
10/04/13 23:58:20 << : key exchange payload
10/04/13 23:58:20 << : identification payload
10/04/13 23:58:20 << : identification payload
10/04/13 23:58:20 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:58:20 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:58:20 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:58:20 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:58:20 ii : - transform = esp-3des
10/04/13 23:58:20 ii : - key length = default
10/04/13 23:58:20 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:58:20 ii : - msg auth = hmac-sha
10/04/13 23:58:20 ii : - pfs dh group = modp-1024
10/04/13 23:58:20 ii : - life seconds = 3600
10/04/13 23:58:20 ii : - life kbytes = 0
10/04/13 23:58:20 DB : policy found
10/04/13 23:58:20 K> : send pfkey GETSPI ESP message
10/04/13 23:58:20 ii : phase2 ids accepted
10/04/13 23:58:20 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:58:20 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:58:20 K< : recv pfkey GETSPI ESP message
10/04/13 23:58:20 DB : phase2 found
10/04/13 23:58:20 ii : phase2 sa established
10/04/13 23:58:20 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:58:20 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:58:20 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:58:20 >> : hash payload
10/04/13 23:58:20 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:20 >= : message b760c457
10/04/13 23:58:20 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:20 == : encrypt packet ( 52 bytes )
10/04/13 23:58:20 == : stored iv ( 8 bytes )
10/04/13 23:58:20 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:58:20 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:58:20 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:58:20 == : spi cipher key data ( 24 bytes )
10/04/13 23:58:20 == : spi hmac key data ( 20 bytes )
10/04/13 23:58:20 K> : send pfkey UPDATE ESP message
10/04/13 23:58:20 == : spi cipher key data ( 24 bytes )
10/04/13 23:58:20 == : spi hmac key data ( 20 bytes )
10/04/13 23:58:20 K> : send pfkey UPDATE ESP message
10/04/13 23:58:20 K< : recv pfkey UPDATE ESP message
10/04/13 23:58:20 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:20 DB : phase1 found
10/04/13 23:58:20 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:20 DB : phase2 found
10/04/13 23:58:20 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:20 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:20 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:20 DB : phase1 found
10/04/13 23:58:20 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:20 DB : phase2 found
10/04/13 23:58:20 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:20 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:21 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:21 DB : phase1 found
10/04/13 23:58:21 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:21 DB : phase2 found
10/04/13 23:58:21 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:21 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:21 K< : recv pfkey UPDATE ESP message
10/04/13 23:58:21 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:21 DB : phase1 found
10/04/13 23:58:21 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:21 DB : phase2 found
10/04/13 23:58:21 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:21 ii : resend limit exceeded for phase2 exchange
10/04/13 23:58:21 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:58:21 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:58:21 DB : phase1 found
10/04/13 23:58:21 ii : sending peer DELETE message
10/04/13 23:58:21 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:58:21 ii : - ipsec-esp spi = 0x1ede7cc4
10/04/13 23:58:21 ii : - data size 0
10/04/13 23:58:21 >> : hash payload
10/04/13 23:58:21 >> : delete payload
10/04/13 23:58:21 == : new informational hash ( 20 bytes )
10/04/13 23:58:21 == : new informational iv ( 8 bytes )
10/04/13 23:58:21 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:21 >= : message 36b66af7
10/04/13 23:58:21 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:21 == : encrypt packet ( 68 bytes )
10/04/13 23:58:21 == : stored iv ( 8 bytes )
10/04/13 23:58:21 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:58:21 K> : send pfkey DELETE ESP message
10/04/13 23:58:21 K> : send pfkey DELETE ESP message
10/04/13 23:58:21 ii : phase2 removal before expire time
10/04/13 23:58:21 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:58:21 K< : recv pfkey DELETE ESP message
10/04/13 23:58:21 K< : recv pfkey DELETE ESP message
10/04/13 23:58:24 DB : phase1 found
10/04/13 23:58:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:24 DB : phase1 found
10/04/13 23:58:24 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:58:24 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:58:24 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:24 ii : - data size 4
10/04/13 23:58:24 >> : hash payload
10/04/13 23:58:24 >> : notification payload
10/04/13 23:58:24 == : new informational hash ( 20 bytes )
10/04/13 23:58:24 == : new informational iv ( 8 bytes )
10/04/13 23:58:24 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:24 >= : message 073ec441
10/04/13 23:58:24 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:24 == : encrypt packet ( 84 bytes )
10/04/13 23:58:24 == : stored iv ( 8 bytes )
10/04/13 23:58:24 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:58:24 ii : DPD ARE-YOU-THERE sequence 3188184e requested
10/04/13 23:58:24 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:58:24 DB : phase1 found
10/04/13 23:58:24 ii : processing informational packet ( 92 bytes )
10/04/13 23:58:24 == : new informational iv ( 8 bytes )
10/04/13 23:58:24 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:24 =< : message 58e38fa7
10/04/13 23:58:24 =< : decrypt iv ( 8 bytes )
10/04/13 23:58:24 == : decrypt packet ( 92 bytes )
10/04/13 23:58:24 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:58:24 <= : stored iv ( 8 bytes )
10/04/13 23:58:24 << : hash payload
10/04/13 23:58:24 << : notification payload
10/04/13 23:58:24 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:24 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:58:24 ii : informational hash verified
10/04/13 23:58:24 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:58:24 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:58:24 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:24 ii : - data size 4
10/04/13 23:58:24 ii : DPD ARE-YOU-THERE-ACK sequence 3188184e accepted
10/04/13 23:58:24 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:58:29 DB : phase1 found
10/04/13 23:58:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:34 DB : phase1 found
10/04/13 23:58:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:37 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:58:37 DB : policy found
10/04/13 23:58:37 DB : policy found
10/04/13 23:58:37 DB : tunnel found
10/04/13 23:58:37 DB : new phase2 ( IPSEC initiator )
10/04/13 23:58:37 DB : phase2 added ( obj count = 1 )
10/04/13 23:58:37 K> : send pfkey GETSPI ESP message
10/04/13 23:58:37 K< : recv pfkey GETSPI ESP message
10/04/13 23:58:37 DB : phase2 found
10/04/13 23:58:37 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:58:37 DB : phase1 found
10/04/13 23:58:37 >> : hash payload
10/04/13 23:58:37 >> : security association payload
10/04/13 23:58:37 >> : - proposal #1 payload
10/04/13 23:58:37 >> : -- transform #1 payload
10/04/13 23:58:37 >> : nonce payload
10/04/13 23:58:37 >> : key exchange payload
10/04/13 23:58:37 >> : identification payload
10/04/13 23:58:37 >> : identification payload
10/04/13 23:58:37 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:58:37 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:37 == : new phase2 iv ( 8 bytes )
10/04/13 23:58:37 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:37 >= : message b4752168
10/04/13 23:58:37 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:37 == : encrypt packet ( 292 bytes )
10/04/13 23:58:37 == : stored iv ( 8 bytes )
10/04/13 23:58:37 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:58:37 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:58:38 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:58:38 DB : phase1 found
10/04/13 23:58:38 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:58:38 DB : phase2 found
10/04/13 23:58:38 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:38 =< : message b4752168
10/04/13 23:58:38 =< : decrypt iv ( 8 bytes )
10/04/13 23:58:38 == : decrypt packet ( 300 bytes )
10/04/13 23:58:38 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:58:38 <= : stored iv ( 8 bytes )
10/04/13 23:58:38 << : hash payload
10/04/13 23:58:38 << : security association payload
10/04/13 23:58:38 << : - propsal #1 payload
10/04/13 23:58:38 << : -- transform #1 payload
10/04/13 23:58:38 << : nonce payload
10/04/13 23:58:38 << : key exchange payload
10/04/13 23:58:38 << : identification payload
10/04/13 23:58:38 << : identification payload
10/04/13 23:58:38 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:58:38 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:58:38 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:58:38 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:58:38 ii : - transform = esp-3des
10/04/13 23:58:38 ii : - key length = default
10/04/13 23:58:38 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:58:38 ii : - msg auth = hmac-sha
10/04/13 23:58:38 ii : - pfs dh group = modp-1024
10/04/13 23:58:38 ii : - life seconds = 3600
10/04/13 23:58:38 ii : - life kbytes = 0
10/04/13 23:58:38 DB : policy found
10/04/13 23:58:38 K> : send pfkey GETSPI ESP message
10/04/13 23:58:38 ii : phase2 ids accepted
10/04/13 23:58:38 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:58:38 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:58:38 ii : phase2 sa established
10/04/13 23:58:38 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:58:38 K< : recv pfkey GETSPI ESP message
10/04/13 23:58:38 DB : phase2 found
10/04/13 23:58:38 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:58:38 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:58:38 >> : hash payload
10/04/13 23:58:38 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:38 >= : message b4752168
10/04/13 23:58:38 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:38 == : encrypt packet ( 52 bytes )
10/04/13 23:58:38 == : stored iv ( 8 bytes )
10/04/13 23:58:38 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:58:38 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:58:38 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:58:38 == : spi cipher key data ( 24 bytes )
10/04/13 23:58:38 == : spi hmac key data ( 20 bytes )
10/04/13 23:58:38 K> : send pfkey UPDATE ESP message
10/04/13 23:58:38 == : spi cipher key data ( 24 bytes )
10/04/13 23:58:38 == : spi hmac key data ( 20 bytes )
10/04/13 23:58:38 K> : send pfkey UPDATE ESP message
10/04/13 23:58:38 K< : recv pfkey UPDATE ESP message
10/04/13 23:58:38 K< : recv pfkey UPDATE ESP message
10/04/13 23:58:39 DB : phase1 found
10/04/13 23:58:39 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:39 DB : phase1 found
10/04/13 23:58:39 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:58:39 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:58:39 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:39 ii : - data size 4
10/04/13 23:58:39 >> : hash payload
10/04/13 23:58:39 >> : notification payload
10/04/13 23:58:39 == : new informational hash ( 20 bytes )
10/04/13 23:58:39 == : new informational iv ( 8 bytes )
10/04/13 23:58:39 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:39 >= : message 660aaa43
10/04/13 23:58:39 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:39 == : encrypt packet ( 84 bytes )
10/04/13 23:58:39 == : stored iv ( 8 bytes )
10/04/13 23:58:39 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:58:39 ii : DPD ARE-YOU-THERE sequence 3188184f requested
10/04/13 23:58:39 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:58:39 DB : phase1 found
10/04/13 23:58:39 ii : processing informational packet ( 92 bytes )
10/04/13 23:58:39 == : new informational iv ( 8 bytes )
10/04/13 23:58:39 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:39 =< : message 5e31b0f0
10/04/13 23:58:39 =< : decrypt iv ( 8 bytes )
10/04/13 23:58:39 == : decrypt packet ( 92 bytes )
10/04/13 23:58:39 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:58:39 <= : stored iv ( 8 bytes )
10/04/13 23:58:39 << : hash payload
10/04/13 23:58:39 << : notification payload
10/04/13 23:58:39 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:39 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:58:39 ii : informational hash verified
10/04/13 23:58:39 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:58:39 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:58:39 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:39 ii : - data size 4
10/04/13 23:58:39 ii : DPD ARE-YOU-THERE-ACK sequence 3188184f accepted
10/04/13 23:58:39 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:58:42 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:58:42 DB : phase1 found
10/04/13 23:58:42 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:58:42 DB : phase2 found
10/04/13 23:58:42 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:42 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:42 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:42 DB : phase1 found
10/04/13 23:58:42 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:42 DB : phase2 found
10/04/13 23:58:42 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:42 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:42 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:42 DB : phase1 found
10/04/13 23:58:42 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:42 DB : phase2 found
10/04/13 23:58:42 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:42 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:42 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:58:42 DB : phase1 found
10/04/13 23:58:42 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:58:42 DB : phase2 found
10/04/13 23:58:42 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:58:42 ii : resend limit exceeded for phase2 exchange
10/04/13 23:58:42 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:58:42 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:58:42 DB : phase1 found
10/04/13 23:58:42 ii : sending peer DELETE message
10/04/13 23:58:42 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:58:42 ii : - ipsec-esp spi = 0x3450e7a4
10/04/13 23:58:42 ii : - data size 0
10/04/13 23:58:42 >> : hash payload
10/04/13 23:58:42 >> : delete payload
10/04/13 23:58:42 == : new informational hash ( 20 bytes )
10/04/13 23:58:42 == : new informational iv ( 8 bytes )
10/04/13 23:58:42 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:42 >= : message 4fa7855d
10/04/13 23:58:42 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:42 == : encrypt packet ( 68 bytes )
10/04/13 23:58:42 == : stored iv ( 8 bytes )
10/04/13 23:58:42 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:58:42 K> : send pfkey DELETE ESP message
10/04/13 23:58:42 K> : send pfkey DELETE ESP message
10/04/13 23:58:42 ii : phase2 removal before expire time
10/04/13 23:58:42 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:58:42 K< : recv pfkey DELETE ESP message
10/04/13 23:58:42 K< : recv pfkey DELETE ESP message
10/04/13 23:58:44 DB : phase1 found
10/04/13 23:58:44 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:49 DB : phase1 found
10/04/13 23:58:49 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:54 DB : phase1 found
10/04/13 23:58:54 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:54 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:58:54 DB : policy found
10/04/13 23:58:54 DB : policy found
10/04/13 23:58:54 DB : tunnel found
10/04/13 23:58:54 DB : new phase2 ( IPSEC initiator )
10/04/13 23:58:54 DB : phase2 added ( obj count = 1 )
10/04/13 23:58:54 K> : send pfkey GETSPI ESP message
10/04/13 23:58:54 K< : recv pfkey GETSPI ESP message
10/04/13 23:58:54 DB : phase2 found
10/04/13 23:58:54 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:58:54 DB : phase1 found
10/04/13 23:58:54 >> : hash payload
10/04/13 23:58:54 >> : security association payload
10/04/13 23:58:54 >> : - proposal #1 payload
10/04/13 23:58:54 >> : -- transform #1 payload
10/04/13 23:58:54 >> : nonce payload
10/04/13 23:58:54 >> : key exchange payload
10/04/13 23:58:54 >> : identification payload
10/04/13 23:58:54 >> : identification payload
10/04/13 23:58:54 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:58:54 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:54 == : new phase2 iv ( 8 bytes )
10/04/13 23:58:54 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:54 >= : message fb48a07b
10/04/13 23:58:54 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:54 == : encrypt packet ( 292 bytes )
10/04/13 23:58:54 == : stored iv ( 8 bytes )
10/04/13 23:58:54 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:58:54 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:58:54 DB : phase1 found
10/04/13 23:58:54 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:58:54 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:58:54 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:54 ii : - data size 4
10/04/13 23:58:54 >> : hash payload
10/04/13 23:58:54 >> : notification payload
10/04/13 23:58:54 == : new informational hash ( 20 bytes )
10/04/13 23:58:54 == : new informational iv ( 8 bytes )
10/04/13 23:58:54 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:54 >= : message ec65a5d9
10/04/13 23:58:54 >= : encrypt iv ( 8 bytes )
10/04/13 23:58:54 == : encrypt packet ( 84 bytes )
10/04/13 23:58:54 == : stored iv ( 8 bytes )
10/04/13 23:58:54 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:58:54 ii : DPD ARE-YOU-THERE sequence 31881850 requested
10/04/13 23:58:54 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:58:54 DB : phase1 found
10/04/13 23:58:54 ii : processing informational packet ( 92 bytes )
10/04/13 23:58:54 == : new informational iv ( 8 bytes )
10/04/13 23:58:54 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:54 =< : message 509fba9e
10/04/13 23:58:54 =< : decrypt iv ( 8 bytes )
10/04/13 23:58:54 == : decrypt packet ( 92 bytes )
10/04/13 23:58:54 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:58:54 <= : stored iv ( 8 bytes )
10/04/13 23:58:54 << : hash payload
10/04/13 23:58:54 << : notification payload
10/04/13 23:58:54 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:58:54 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:58:54 ii : informational hash verified
10/04/13 23:58:54 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:58:54 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:58:54 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:58:54 ii : - data size 4
10/04/13 23:58:54 ii : DPD ARE-YOU-THERE-ACK sequence 31881850 accepted
10/04/13 23:58:54 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:58:59 DB : phase1 found
10/04/13 23:58:59 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:58:59 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:04 DB : phase1 found
10/04/13 23:59:04 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:04 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:04 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:59:04 DB : phase1 found
10/04/13 23:59:04 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:59:04 DB : phase2 found
10/04/13 23:59:04 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:04 =< : message fb48a07b
10/04/13 23:59:04 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:04 == : decrypt packet ( 300 bytes )
10/04/13 23:59:04 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:04 <= : stored iv ( 8 bytes )
10/04/13 23:59:04 << : hash payload
10/04/13 23:59:04 << : security association payload
10/04/13 23:59:04 << : - propsal #1 payload
10/04/13 23:59:04 << : -- transform #1 payload
10/04/13 23:59:04 << : nonce payload
10/04/13 23:59:04 << : key exchange payload
10/04/13 23:59:04 << : identification payload
10/04/13 23:59:04 << : identification payload
10/04/13 23:59:04 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:59:04 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:59:04 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:59:04 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:59:04 ii : - transform = esp-3des
10/04/13 23:59:04 ii : - key length = default
10/04/13 23:59:04 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:59:04 ii : - msg auth = hmac-sha
10/04/13 23:59:04 ii : - pfs dh group = modp-1024
10/04/13 23:59:04 ii : - life seconds = 3600
10/04/13 23:59:04 ii : - life kbytes = 0
10/04/13 23:59:04 DB : policy found
10/04/13 23:59:04 K> : send pfkey GETSPI ESP message
10/04/13 23:59:04 ii : phase2 ids accepted
10/04/13 23:59:04 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:59:04 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:59:04 ii : phase2 sa established
10/04/13 23:59:04 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:59:04 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:59:04 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:59:04 K< : recv pfkey GETSPI ESP message
10/04/13 23:59:04 >> : hash payload
10/04/13 23:59:04 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:04 DB : phase2 found
10/04/13 23:59:04 >= : message fb48a07b
10/04/13 23:59:04 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:04 == : encrypt packet ( 52 bytes )
10/04/13 23:59:04 == : stored iv ( 8 bytes )
10/04/13 23:59:04 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:59:04 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:59:04 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:59:04 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:04 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:04 K> : send pfkey UPDATE ESP message
10/04/13 23:59:04 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:04 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:04 K> : send pfkey UPDATE ESP message
10/04/13 23:59:04 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:04 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:04 DB : phase1 found
10/04/13 23:59:04 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:04 DB : phase2 found
10/04/13 23:59:04 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:04 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:05 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:05 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:05 DB : phase1 found
10/04/13 23:59:05 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:05 DB : phase2 found
10/04/13 23:59:05 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:05 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:05 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:05 DB : phase1 found
10/04/13 23:59:05 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:05 DB : phase2 found
10/04/13 23:59:05 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:05 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:05 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:05 DB : phase1 found
10/04/13 23:59:05 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:05 DB : phase2 found
10/04/13 23:59:05 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:05 ii : resend limit exceeded for phase2 exchange
10/04/13 23:59:05 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:59:05 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:59:05 DB : phase1 found
10/04/13 23:59:05 ii : sending peer DELETE message
10/04/13 23:59:05 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:05 ii : - ipsec-esp spi = 0x7f38fa27
10/04/13 23:59:05 ii : - data size 0
10/04/13 23:59:05 >> : hash payload
10/04/13 23:59:05 >> : delete payload
10/04/13 23:59:05 == : new informational hash ( 20 bytes )
10/04/13 23:59:05 == : new informational iv ( 8 bytes )
10/04/13 23:59:05 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:05 >= : message 78a5ab59
10/04/13 23:59:05 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:05 == : encrypt packet ( 68 bytes )
10/04/13 23:59:05 == : stored iv ( 8 bytes )
10/04/13 23:59:05 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:59:05 K> : send pfkey DELETE ESP message
10/04/13 23:59:05 K> : send pfkey DELETE ESP message
10/04/13 23:59:05 ii : phase2 removal before expire time
10/04/13 23:59:05 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:59:05 K< : recv pfkey DELETE ESP message
10/04/13 23:59:05 K< : recv pfkey DELETE ESP message
10/04/13 23:59:09 DB : phase1 found
10/04/13 23:59:09 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:09 DB : phase1 found
10/04/13 23:59:09 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:59:09 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:09 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:09 ii : - data size 4
10/04/13 23:59:09 >> : hash payload
10/04/13 23:59:09 >> : notification payload
10/04/13 23:59:09 == : new informational hash ( 20 bytes )
10/04/13 23:59:09 == : new informational iv ( 8 bytes )
10/04/13 23:59:09 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:09 >= : message a4d4df41
10/04/13 23:59:09 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:09 == : encrypt packet ( 84 bytes )
10/04/13 23:59:09 == : stored iv ( 8 bytes )
10/04/13 23:59:09 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:59:09 ii : DPD ARE-YOU-THERE sequence 31881851 requested
10/04/13 23:59:10 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:59:10 DB : phase1 found
10/04/13 23:59:10 ii : processing informational packet ( 92 bytes )
10/04/13 23:59:10 == : new informational iv ( 8 bytes )
10/04/13 23:59:10 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:10 =< : message 572f377f
10/04/13 23:59:10 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:10 == : decrypt packet ( 92 bytes )
10/04/13 23:59:10 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:10 <= : stored iv ( 8 bytes )
10/04/13 23:59:10 << : hash payload
10/04/13 23:59:10 << : notification payload
10/04/13 23:59:10 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:59:10 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:59:10 ii : informational hash verified
10/04/13 23:59:10 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:59:10 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:59:10 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:10 ii : - data size 4
10/04/13 23:59:10 ii : DPD ARE-YOU-THERE-ACK sequence 31881851 accepted
10/04/13 23:59:10 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:59:11 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:59:11 DB : policy found
10/04/13 23:59:11 DB : policy found
10/04/13 23:59:11 DB : tunnel found
10/04/13 23:59:11 DB : new phase2 ( IPSEC initiator )
10/04/13 23:59:11 DB : phase2 added ( obj count = 1 )
10/04/13 23:59:11 K> : send pfkey GETSPI ESP message
10/04/13 23:59:11 K< : recv pfkey GETSPI ESP message
10/04/13 23:59:11 DB : phase2 found
10/04/13 23:59:11 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:59:11 DB : phase1 found
10/04/13 23:59:11 >> : hash payload
10/04/13 23:59:11 >> : security association payload
10/04/13 23:59:11 >> : - proposal #1 payload
10/04/13 23:59:11 >> : -- transform #1 payload
10/04/13 23:59:11 >> : nonce payload
10/04/13 23:59:11 >> : key exchange payload
10/04/13 23:59:11 >> : identification payload
10/04/13 23:59:11 >> : identification payload
10/04/13 23:59:11 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:59:11 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:59:11 == : new phase2 iv ( 8 bytes )
10/04/13 23:59:11 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:11 >= : message 68603cee
10/04/13 23:59:11 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:11 == : encrypt packet ( 292 bytes )
10/04/13 23:59:11 == : stored iv ( 8 bytes )
10/04/13 23:59:11 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:59:11 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:59:11 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:59:11 DB : phase1 found
10/04/13 23:59:11 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:59:11 DB : phase2 found
10/04/13 23:59:11 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:11 =< : message 68603cee
10/04/13 23:59:11 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:11 == : decrypt packet ( 300 bytes )
10/04/13 23:59:11 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:11 <= : stored iv ( 8 bytes )
10/04/13 23:59:11 << : hash payload
10/04/13 23:59:11 << : security association payload
10/04/13 23:59:11 << : - propsal #1 payload
10/04/13 23:59:11 << : -- transform #1 payload
10/04/13 23:59:11 << : nonce payload
10/04/13 23:59:11 << : key exchange payload
10/04/13 23:59:11 << : identification payload
10/04/13 23:59:11 << : identification payload
10/04/13 23:59:11 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:59:11 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:59:11 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:59:11 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:59:11 ii : - transform = esp-3des
10/04/13 23:59:11 ii : - key length = default
10/04/13 23:59:11 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:59:11 ii : - msg auth = hmac-sha
10/04/13 23:59:11 ii : - pfs dh group = modp-1024
10/04/13 23:59:11 ii : - life seconds = 3600
10/04/13 23:59:11 ii : - life kbytes = 0
10/04/13 23:59:11 DB : policy found
10/04/13 23:59:11 K> : send pfkey GETSPI ESP message
10/04/13 23:59:11 ii : phase2 ids accepted
10/04/13 23:59:11 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:59:11 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:59:11 ii : phase2 sa established
10/04/13 23:59:11 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:59:11 K< : recv pfkey GETSPI ESP message
10/04/13 23:59:11 DB : phase2 found
10/04/13 23:59:11 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:59:11 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:59:11 >> : hash payload
10/04/13 23:59:11 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:11 >= : message 68603cee
10/04/13 23:59:11 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:11 == : encrypt packet ( 52 bytes )
10/04/13 23:59:11 == : stored iv ( 8 bytes )
10/04/13 23:59:11 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:59:11 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:59:11 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:59:11 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:11 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:11 K> : send pfkey UPDATE ESP message
10/04/13 23:59:11 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:11 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:11 K> : send pfkey UPDATE ESP message
10/04/13 23:59:11 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:11 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:11 DB : phase1 found
10/04/13 23:59:11 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:11 DB : phase2 found
10/04/13 23:59:11 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:11 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:11 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:11 DB : phase1 found
10/04/13 23:59:11 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:11 DB : phase2 found
10/04/13 23:59:11 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:11 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:11 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:11 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:11 DB : phase1 found
10/04/13 23:59:11 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:11 DB : phase2 found
10/04/13 23:59:11 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:11 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:11 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:11 DB : phase1 found
10/04/13 23:59:11 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:11 DB : phase2 found
10/04/13 23:59:11 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:11 ii : resend limit exceeded for phase2 exchange
10/04/13 23:59:11 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:59:11 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:59:11 DB : phase1 found
10/04/13 23:59:11 ii : sending peer DELETE message
10/04/13 23:59:11 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:11 ii : - ipsec-esp spi = 0xdc5d6fa1
10/04/13 23:59:11 ii : - data size 0
10/04/13 23:59:11 >> : hash payload
10/04/13 23:59:11 >> : delete payload
10/04/13 23:59:11 == : new informational hash ( 20 bytes )
10/04/13 23:59:11 == : new informational iv ( 8 bytes )
10/04/13 23:59:11 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:11 >= : message f1cac4b6
10/04/13 23:59:11 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:11 == : encrypt packet ( 68 bytes )
10/04/13 23:59:11 == : stored iv ( 8 bytes )
10/04/13 23:59:11 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:59:11 K> : send pfkey DELETE ESP message
10/04/13 23:59:11 K> : send pfkey DELETE ESP message
10/04/13 23:59:11 ii : phase2 removal before expire time
10/04/13 23:59:11 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:59:11 K< : recv pfkey DELETE ESP message
10/04/13 23:59:12 K< : recv pfkey DELETE ESP message
10/04/13 23:59:14 DB : phase1 found
10/04/13 23:59:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:19 DB : phase1 found
10/04/13 23:59:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:24 DB : phase1 found
10/04/13 23:59:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:25 DB : phase1 found
10/04/13 23:59:25 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:59:25 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:25 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:25 ii : - data size 4
10/04/13 23:59:25 >> : hash payload
10/04/13 23:59:25 >> : notification payload
10/04/13 23:59:25 == : new informational hash ( 20 bytes )
10/04/13 23:59:25 == : new informational iv ( 8 bytes )
10/04/13 23:59:25 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:25 >= : message e337551d
10/04/13 23:59:25 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:25 == : encrypt packet ( 84 bytes )
10/04/13 23:59:25 == : stored iv ( 8 bytes )
10/04/13 23:59:25 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:59:25 ii : DPD ARE-YOU-THERE sequence 31881852 requested
10/04/13 23:59:25 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:59:25 DB : phase1 found
10/04/13 23:59:25 ii : processing informational packet ( 92 bytes )
10/04/13 23:59:25 == : new informational iv ( 8 bytes )
10/04/13 23:59:25 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:25 =< : message 3ac5d3b8
10/04/13 23:59:25 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:25 == : decrypt packet ( 92 bytes )
10/04/13 23:59:25 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:25 <= : stored iv ( 8 bytes )
10/04/13 23:59:25 << : hash payload
10/04/13 23:59:25 << : notification payload
10/04/13 23:59:25 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:59:25 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:59:25 ii : informational hash verified
10/04/13 23:59:25 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:59:25 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:59:25 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:25 ii : - data size 4
10/04/13 23:59:25 ii : DPD ARE-YOU-THERE-ACK sequence 31881852 accepted
10/04/13 23:59:25 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:59:28 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:59:28 DB : policy found
10/04/13 23:59:28 DB : policy found
10/04/13 23:59:28 DB : tunnel found
10/04/13 23:59:28 DB : new phase2 ( IPSEC initiator )
10/04/13 23:59:28 DB : phase2 added ( obj count = 1 )
10/04/13 23:59:28 K> : send pfkey GETSPI ESP message
10/04/13 23:59:28 K< : recv pfkey GETSPI ESP message
10/04/13 23:59:28 DB : phase2 found
10/04/13 23:59:28 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:59:28 DB : phase1 found
10/04/13 23:59:28 >> : hash payload
10/04/13 23:59:28 >> : security association payload
10/04/13 23:59:28 >> : - proposal #1 payload
10/04/13 23:59:28 >> : -- transform #1 payload
10/04/13 23:59:28 >> : nonce payload
10/04/13 23:59:28 >> : key exchange payload
10/04/13 23:59:28 >> : identification payload
10/04/13 23:59:28 >> : identification payload
10/04/13 23:59:28 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:59:28 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:59:28 == : new phase2 iv ( 8 bytes )
10/04/13 23:59:28 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:28 >= : message 8c19606f
10/04/13 23:59:28 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:28 == : encrypt packet ( 292 bytes )
10/04/13 23:59:28 == : stored iv ( 8 bytes )
10/04/13 23:59:28 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:59:28 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:59:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:59:29 DB : phase1 found
10/04/13 23:59:29 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:59:29 DB : phase2 found
10/04/13 23:59:29 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:29 =< : message 8c19606f
10/04/13 23:59:29 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:29 == : decrypt packet ( 300 bytes )
10/04/13 23:59:29 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:29 <= : stored iv ( 8 bytes )
10/04/13 23:59:29 << : hash payload
10/04/13 23:59:29 << : security association payload
10/04/13 23:59:29 << : - propsal #1 payload
10/04/13 23:59:29 << : -- transform #1 payload
10/04/13 23:59:29 << : nonce payload
10/04/13 23:59:29 << : key exchange payload
10/04/13 23:59:29 << : identification payload
10/04/13 23:59:29 << : identification payload
10/04/13 23:59:29 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:59:29 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:59:29 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:59:29 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:59:29 ii : - transform = esp-3des
10/04/13 23:59:29 ii : - key length = default
10/04/13 23:59:29 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:59:29 ii : - msg auth = hmac-sha
10/04/13 23:59:29 ii : - pfs dh group = modp-1024
10/04/13 23:59:29 ii : - life seconds = 3600
10/04/13 23:59:29 ii : - life kbytes = 0
10/04/13 23:59:29 DB : policy found
10/04/13 23:59:29 K> : send pfkey GETSPI ESP message
10/04/13 23:59:29 ii : phase2 ids accepted
10/04/13 23:59:29 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:59:29 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:59:29 ii : phase2 sa established
10/04/13 23:59:29 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:59:29 K< : recv pfkey GETSPI ESP message
10/04/13 23:59:29 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:59:29 DB : phase2 found
10/04/13 23:59:29 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:59:29 >> : hash payload
10/04/13 23:59:29 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:29 >= : message 8c19606f
10/04/13 23:59:29 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:29 == : encrypt packet ( 52 bytes )
10/04/13 23:59:29 == : stored iv ( 8 bytes )
10/04/13 23:59:29 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:59:29 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:59:29 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:59:29 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:29 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:29 K> : send pfkey UPDATE ESP message
10/04/13 23:59:29 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:29 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:29 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:29 K> : send pfkey UPDATE ESP message
10/04/13 23:59:29 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:29 DB : phase1 found
10/04/13 23:59:29 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:29 DB : phase2 found
10/04/13 23:59:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:29 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:29 DB : phase1 found
10/04/13 23:59:29 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:29 DB : phase2 found
10/04/13 23:59:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:29 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:29 DB : phase1 found
10/04/13 23:59:29 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:29 DB : phase2 found
10/04/13 23:59:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:29 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:29 DB : phase1 found
10/04/13 23:59:29 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:29 DB : phase2 found
10/04/13 23:59:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:29 ii : resend limit exceeded for phase2 exchange
10/04/13 23:59:29 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:59:29 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:59:29 DB : phase1 found
10/04/13 23:59:29 ii : sending peer DELETE message
10/04/13 23:59:29 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:29 ii : - ipsec-esp spi = 0x67e5c8a1
10/04/13 23:59:29 ii : - data size 0
10/04/13 23:59:29 >> : hash payload
10/04/13 23:59:29 >> : delete payload
10/04/13 23:59:29 == : new informational hash ( 20 bytes )
10/04/13 23:59:29 == : new informational iv ( 8 bytes )
10/04/13 23:59:29 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:29 >= : message 9b36e92e
10/04/13 23:59:29 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:29 == : encrypt packet ( 68 bytes )
10/04/13 23:59:29 == : stored iv ( 8 bytes )
10/04/13 23:59:29 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:59:29 K> : send pfkey DELETE ESP message
10/04/13 23:59:29 K> : send pfkey DELETE ESP message
10/04/13 23:59:29 ii : phase2 removal before expire time
10/04/13 23:59:29 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:59:29 K< : recv pfkey DELETE ESP message
10/04/13 23:59:29 DB : phase1 found
10/04/13 23:59:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:29 K< : recv pfkey DELETE ESP message
10/04/13 23:59:34 DB : phase1 found
10/04/13 23:59:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:39 DB : phase1 found
10/04/13 23:59:39 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:40 DB : phase1 found
10/04/13 23:59:40 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:59:40 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:40 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:40 ii : - data size 4
10/04/13 23:59:40 >> : hash payload
10/04/13 23:59:40 >> : notification payload
10/04/13 23:59:40 == : new informational hash ( 20 bytes )
10/04/13 23:59:40 == : new informational iv ( 8 bytes )
10/04/13 23:59:40 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:40 >= : message 2c3409ad
10/04/13 23:59:40 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:40 == : encrypt packet ( 84 bytes )
10/04/13 23:59:40 == : stored iv ( 8 bytes )
10/04/13 23:59:40 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:59:40 ii : DPD ARE-YOU-THERE sequence 31881853 requested
10/04/13 23:59:40 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:59:40 DB : phase1 found
10/04/13 23:59:40 ii : processing informational packet ( 92 bytes )
10/04/13 23:59:40 == : new informational iv ( 8 bytes )
10/04/13 23:59:40 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:40 =< : message 5ece9280
10/04/13 23:59:40 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:40 == : decrypt packet ( 92 bytes )
10/04/13 23:59:40 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:40 <= : stored iv ( 8 bytes )
10/04/13 23:59:40 << : hash payload
10/04/13 23:59:40 << : notification payload
10/04/13 23:59:40 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:59:40 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:59:40 ii : informational hash verified
10/04/13 23:59:40 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:59:40 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:59:40 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:40 ii : - data size 4
10/04/13 23:59:40 ii : DPD ARE-YOU-THERE-ACK sequence 31881853 accepted
10/04/13 23:59:40 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:59:44 DB : phase1 found
10/04/13 23:59:44 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:46 K< : recv pfkey ACQUIRE UNSPEC message
10/04/13 23:59:46 DB : policy found
10/04/13 23:59:46 DB : policy found
10/04/13 23:59:46 DB : tunnel found
10/04/13 23:59:46 DB : new phase2 ( IPSEC initiator )
10/04/13 23:59:46 DB : phase2 added ( obj count = 1 )
10/04/13 23:59:46 K> : send pfkey GETSPI ESP message
10/04/13 23:59:46 K< : recv pfkey GETSPI ESP message
10/04/13 23:59:46 DB : phase2 found
10/04/13 23:59:46 ii : updated spi for 1 ipsec-esp proposal
10/04/13 23:59:46 DB : phase1 found
10/04/13 23:59:46 >> : hash payload
10/04/13 23:59:46 >> : security association payload
10/04/13 23:59:46 >> : - proposal #1 payload
10/04/13 23:59:46 >> : -- transform #1 payload
10/04/13 23:59:46 >> : nonce payload
10/04/13 23:59:46 >> : key exchange payload
10/04/13 23:59:46 >> : identification payload
10/04/13 23:59:46 >> : identification payload
10/04/13 23:59:46 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/13 23:59:46 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/13 23:59:46 == : new phase2 iv ( 8 bytes )
10/04/13 23:59:46 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:46 >= : message 03a86ec0
10/04/13 23:59:46 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:46 == : encrypt packet ( 292 bytes )
10/04/13 23:59:46 == : stored iv ( 8 bytes )
10/04/13 23:59:46 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/13 23:59:46 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/13 23:59:46 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/13 23:59:46 DB : phase1 found
10/04/13 23:59:46 ii : processing phase2 packet ( 300 bytes )
10/04/13 23:59:46 DB : phase2 found
10/04/13 23:59:46 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:46 =< : message 03a86ec0
10/04/13 23:59:46 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:46 == : decrypt packet ( 300 bytes )
10/04/13 23:59:46 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:46 <= : stored iv ( 8 bytes )
10/04/13 23:59:46 << : hash payload
10/04/13 23:59:46 << : security association payload
10/04/13 23:59:46 << : - propsal #1 payload
10/04/13 23:59:46 << : -- transform #1 payload
10/04/13 23:59:46 << : nonce payload
10/04/13 23:59:46 << : key exchange payload
10/04/13 23:59:46 << : identification payload
10/04/13 23:59:46 << : identification payload
10/04/13 23:59:46 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/13 23:59:46 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/13 23:59:46 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/13 23:59:46 ii : matched ipsec-esp proposal #1 transform #1
10/04/13 23:59:46 ii : - transform = esp-3des
10/04/13 23:59:46 ii : - key length = default
10/04/13 23:59:46 ii : - encap mode = udp-tunnel ( draft )
10/04/13 23:59:46 ii : - msg auth = hmac-sha
10/04/13 23:59:46 ii : - pfs dh group = modp-1024
10/04/13 23:59:46 ii : - life seconds = 3600
10/04/13 23:59:46 ii : - life kbytes = 0
10/04/13 23:59:46 DB : policy found
10/04/13 23:59:46 K> : send pfkey GETSPI ESP message
10/04/13 23:59:46 ii : phase2 ids accepted
10/04/13 23:59:46 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/13 23:59:46 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/13 23:59:46 ii : phase2 sa established
10/04/13 23:59:46 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/13 23:59:46 K< : recv pfkey GETSPI ESP message
10/04/13 23:59:46 DB : phase2 found
10/04/13 23:59:46 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/13 23:59:46 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/13 23:59:46 >> : hash payload
10/04/13 23:59:46 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:46 >= : message 03a86ec0
10/04/13 23:59:46 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:46 == : encrypt packet ( 52 bytes )
10/04/13 23:59:46 == : stored iv ( 8 bytes )
10/04/13 23:59:46 DB : phase2 resend event canceled ( ref count = 1 )
10/04/13 23:59:46 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/13 23:59:46 == : PFS DH shared secret ( 128 bytes )
10/04/13 23:59:46 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:46 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:46 K> : send pfkey UPDATE ESP message
10/04/13 23:59:46 == : spi cipher key data ( 24 bytes )
10/04/13 23:59:46 == : spi hmac key data ( 20 bytes )
10/04/13 23:59:46 K> : send pfkey UPDATE ESP message
10/04/13 23:59:46 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:46 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:46 DB : phase1 found
10/04/13 23:59:46 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:46 DB : phase2 found
10/04/13 23:59:46 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:46 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:46 K< : recv pfkey UPDATE ESP message
10/04/13 23:59:46 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:46 DB : phase1 found
10/04/13 23:59:46 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:46 DB : phase2 found
10/04/13 23:59:46 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:46 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:46 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:46 DB : phase1 found
10/04/13 23:59:46 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:46 DB : phase2 found
10/04/13 23:59:46 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:46 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:46 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/13 23:59:46 DB : phase1 found
10/04/13 23:59:46 ii : processing phase2 packet ( 76 bytes )
10/04/13 23:59:46 DB : phase2 found
10/04/13 23:59:46 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/13 23:59:46 ii : resend limit exceeded for phase2 exchange
10/04/13 23:59:46 DB : phase2 soft event canceled ( ref count = 2 )
10/04/13 23:59:46 DB : phase2 hard event canceled ( ref count = 1 )
10/04/13 23:59:46 DB : phase1 found
10/04/13 23:59:46 ii : sending peer DELETE message
10/04/13 23:59:46 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:46 ii : - ipsec-esp spi = 0x640a535f
10/04/13 23:59:46 ii : - data size 0
10/04/13 23:59:46 >> : hash payload
10/04/13 23:59:46 >> : delete payload
10/04/13 23:59:46 == : new informational hash ( 20 bytes )
10/04/13 23:59:46 == : new informational iv ( 8 bytes )
10/04/13 23:59:46 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:46 >= : message e88c9b39
10/04/13 23:59:46 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:46 == : encrypt packet ( 68 bytes )
10/04/13 23:59:46 == : stored iv ( 8 bytes )
10/04/13 23:59:46 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/13 23:59:46 K> : send pfkey DELETE ESP message
10/04/13 23:59:46 K> : send pfkey DELETE ESP message
10/04/13 23:59:46 ii : phase2 removal before expire time
10/04/13 23:59:46 DB : phase2 deleted ( obj count = 0 )
10/04/13 23:59:46 K< : recv pfkey DELETE ESP message
10/04/13 23:59:47 K< : recv pfkey DELETE ESP message
10/04/13 23:59:49 DB : phase1 found
10/04/13 23:59:49 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:54 DB : phase1 found
10/04/13 23:59:54 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/13 23:59:55 DB : phase1 found
10/04/13 23:59:55 ii : sending peer DPDV1-R-U-THERE notification
10/04/13 23:59:55 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/13 23:59:55 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:55 ii : - data size 4
10/04/13 23:59:55 >> : hash payload
10/04/13 23:59:55 >> : notification payload
10/04/13 23:59:55 == : new informational hash ( 20 bytes )
10/04/13 23:59:55 == : new informational iv ( 8 bytes )
10/04/13 23:59:55 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:55 >= : message 2bdf46ef
10/04/13 23:59:55 >= : encrypt iv ( 8 bytes )
10/04/13 23:59:55 == : encrypt packet ( 84 bytes )
10/04/13 23:59:55 == : stored iv ( 8 bytes )
10/04/13 23:59:55 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/13 23:59:55 ii : DPD ARE-YOU-THERE sequence 31881854 requested
10/04/13 23:59:55 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/13 23:59:55 DB : phase1 found
10/04/13 23:59:55 ii : processing informational packet ( 92 bytes )
10/04/13 23:59:55 == : new informational iv ( 8 bytes )
10/04/13 23:59:55 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:55 =< : message 63e56deb
10/04/13 23:59:55 =< : decrypt iv ( 8 bytes )
10/04/13 23:59:55 == : decrypt packet ( 92 bytes )
10/04/13 23:59:55 <= : trimmed packet padding ( 8 bytes )
10/04/13 23:59:55 <= : stored iv ( 8 bytes )
10/04/13 23:59:55 << : hash payload
10/04/13 23:59:55 << : notification payload
10/04/13 23:59:55 == : informational hash_i ( computed ) ( 20 bytes )
10/04/13 23:59:55 == : informational hash_c ( received ) ( 20 bytes )
10/04/13 23:59:55 ii : informational hash verified
10/04/13 23:59:55 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/13 23:59:55 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/13 23:59:55 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/13 23:59:55 ii : - data size 4
10/04/13 23:59:55 ii : DPD ARE-YOU-THERE-ACK sequence 31881854 accepted
10/04/13 23:59:55 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/13 23:59:59 DB : phase1 found
10/04/13 23:59:59 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:03 K< : recv pfkey ACQUIRE UNSPEC message
10/04/14 00:00:03 DB : policy found
10/04/14 00:00:03 DB : policy found
10/04/14 00:00:03 DB : tunnel found
10/04/14 00:00:03 DB : new phase2 ( IPSEC initiator )
10/04/14 00:00:03 DB : phase2 added ( obj count = 1 )
10/04/14 00:00:03 K> : send pfkey GETSPI ESP message
10/04/14 00:00:03 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:03 DB : phase2 found
10/04/14 00:00:03 ii : updated spi for 1 ipsec-esp proposal
10/04/14 00:00:03 DB : phase1 found
10/04/14 00:00:03 >> : hash payload
10/04/14 00:00:03 >> : security association payload
10/04/14 00:00:03 >> : - proposal #1 payload
10/04/14 00:00:03 >> : -- transform #1 payload
10/04/14 00:00:03 >> : nonce payload
10/04/14 00:00:03 >> : key exchange payload
10/04/14 00:00:03 >> : identification payload
10/04/14 00:00:03 >> : identification payload
10/04/14 00:00:03 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/14 00:00:03 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:03 == : new phase2 iv ( 8 bytes )
10/04/14 00:00:03 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:03 >= : message 800956cc
10/04/14 00:00:03 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:03 == : encrypt packet ( 292 bytes )
10/04/14 00:00:03 == : stored iv ( 8 bytes )
10/04/14 00:00:03 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/14 00:00:03 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/14 00:00:04 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/14 00:00:04 DB : phase1 found
10/04/14 00:00:04 ii : processing phase2 packet ( 300 bytes )
10/04/14 00:00:04 DB : phase2 found
10/04/14 00:00:04 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:04 =< : message 800956cc
10/04/14 00:00:04 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:04 == : decrypt packet ( 300 bytes )
10/04/14 00:00:04 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:04 <= : stored iv ( 8 bytes )
10/04/14 00:00:04 << : hash payload
10/04/14 00:00:04 << : security association payload
10/04/14 00:00:04 << : - propsal #1 payload
10/04/14 00:00:04 << : -- transform #1 payload
10/04/14 00:00:04 << : nonce payload
10/04/14 00:00:04 << : key exchange payload
10/04/14 00:00:04 << : identification payload
10/04/14 00:00:04 << : identification payload
10/04/14 00:00:04 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/14 00:00:04 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/14 00:00:04 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/14 00:00:04 ii : matched ipsec-esp proposal #1 transform #1
10/04/14 00:00:04 ii : - transform = esp-3des
10/04/14 00:00:04 ii : - key length = default
10/04/14 00:00:04 ii : - encap mode = udp-tunnel ( draft )
10/04/14 00:00:04 ii : - msg auth = hmac-sha
10/04/14 00:00:04 ii : - pfs dh group = modp-1024
10/04/14 00:00:04 ii : - life seconds = 3600
10/04/14 00:00:04 ii : - life kbytes = 0
10/04/14 00:00:04 DB : policy found
10/04/14 00:00:04 K> : send pfkey GETSPI ESP message
10/04/14 00:00:04 ii : phase2 ids accepted
10/04/14 00:00:04 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/14 00:00:04 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/14 00:00:04 ii : phase2 sa established
10/04/14 00:00:04 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/14 00:00:04 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:04 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/14 00:00:04 DB : phase2 found
10/04/14 00:00:04 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/14 00:00:04 >> : hash payload
10/04/14 00:00:04 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:04 >= : message 800956cc
10/04/14 00:00:04 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:04 == : encrypt packet ( 52 bytes )
10/04/14 00:00:04 == : stored iv ( 8 bytes )
10/04/14 00:00:04 DB : phase2 resend event canceled ( ref count = 1 )
10/04/14 00:00:04 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/14 00:00:04 == : PFS DH shared secret ( 128 bytes )
10/04/14 00:00:04 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:04 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:04 K> : send pfkey UPDATE ESP message
10/04/14 00:00:04 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:04 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:04 K> : send pfkey UPDATE ESP message
10/04/14 00:00:04 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:04 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:04 DB : phase1 found
10/04/14 00:00:04 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:04 DB : phase2 found
10/04/14 00:00:04 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:04 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:04 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:04 DB : phase1 found
10/04/14 00:00:04 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:04 DB : phase2 found
10/04/14 00:00:04 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:04 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:04 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:04 DB : phase1 found
10/04/14 00:00:04 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:04 DB : phase2 found
10/04/14 00:00:04 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:04 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:04 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:04 DB : phase1 found
10/04/14 00:00:04 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:04 DB : phase2 found
10/04/14 00:00:04 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:04 ii : resend limit exceeded for phase2 exchange
10/04/14 00:00:04 DB : phase2 soft event canceled ( ref count = 2 )
10/04/14 00:00:04 DB : phase2 hard event canceled ( ref count = 1 )
10/04/14 00:00:04 DB : phase1 found
10/04/14 00:00:04 ii : sending peer DELETE message
10/04/14 00:00:04 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:04 ii : - ipsec-esp spi = 0x9874f8e2
10/04/14 00:00:04 ii : - data size 0
10/04/14 00:00:04 >> : hash payload
10/04/14 00:00:04 >> : delete payload
10/04/14 00:00:04 == : new informational hash ( 20 bytes )
10/04/14 00:00:04 == : new informational iv ( 8 bytes )
10/04/14 00:00:04 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:04 >= : message 95e0ce28
10/04/14 00:00:04 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:04 == : encrypt packet ( 68 bytes )
10/04/14 00:00:04 == : stored iv ( 8 bytes )
10/04/14 00:00:04 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/14 00:00:04 K> : send pfkey DELETE ESP message
10/04/14 00:00:04 K> : send pfkey DELETE ESP message
10/04/14 00:00:04 ii : phase2 removal before expire time
10/04/14 00:00:04 DB : phase2 deleted ( obj count = 0 )
10/04/14 00:00:04 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:04 K< : recv pfkey DELETE ESP message
10/04/14 00:00:04 DB : phase1 found
10/04/14 00:00:04 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:04 K< : recv pfkey DELETE ESP message
10/04/14 00:00:09 DB : phase1 found
10/04/14 00:00:09 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:10 DB : phase1 found
10/04/14 00:00:10 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:00:10 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:10 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:10 ii : - data size 4
10/04/14 00:00:10 >> : hash payload
10/04/14 00:00:10 >> : notification payload
10/04/14 00:00:10 == : new informational hash ( 20 bytes )
10/04/14 00:00:10 == : new informational iv ( 8 bytes )
10/04/14 00:00:10 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:10 >= : message 186530cf
10/04/14 00:00:10 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:10 == : encrypt packet ( 84 bytes )
10/04/14 00:00:10 == : stored iv ( 8 bytes )
10/04/14 00:00:10 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:00:10 ii : DPD ARE-YOU-THERE sequence 31881855 requested
10/04/14 00:00:10 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:00:10 DB : phase1 found
10/04/14 00:00:10 ii : processing informational packet ( 92 bytes )
10/04/14 00:00:10 == : new informational iv ( 8 bytes )
10/04/14 00:00:10 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:10 =< : message 49edf6b2
10/04/14 00:00:10 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:10 == : decrypt packet ( 92 bytes )
10/04/14 00:00:10 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:10 <= : stored iv ( 8 bytes )
10/04/14 00:00:10 << : hash payload
10/04/14 00:00:10 << : notification payload
10/04/14 00:00:10 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:10 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:00:10 ii : informational hash verified
10/04/14 00:00:10 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:00:10 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:00:10 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:10 ii : - data size 4
10/04/14 00:00:10 ii : DPD ARE-YOU-THERE-ACK sequence 31881855 accepted
10/04/14 00:00:10 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:00:14 DB : phase1 found
10/04/14 00:00:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:19 DB : phase1 found
10/04/14 00:00:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:20 K< : recv pfkey ACQUIRE UNSPEC message
10/04/14 00:00:20 DB : policy found
10/04/14 00:00:20 DB : policy found
10/04/14 00:00:20 DB : tunnel found
10/04/14 00:00:20 DB : new phase2 ( IPSEC initiator )
10/04/14 00:00:20 DB : phase2 added ( obj count = 1 )
10/04/14 00:00:20 K> : send pfkey GETSPI ESP message
10/04/14 00:00:20 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:20 DB : phase2 found
10/04/14 00:00:20 ii : updated spi for 1 ipsec-esp proposal
10/04/14 00:00:20 DB : phase1 found
10/04/14 00:00:20 >> : hash payload
10/04/14 00:00:20 >> : security association payload
10/04/14 00:00:20 >> : - proposal #1 payload
10/04/14 00:00:20 >> : -- transform #1 payload
10/04/14 00:00:20 >> : nonce payload
10/04/14 00:00:20 >> : key exchange payload
10/04/14 00:00:20 >> : identification payload
10/04/14 00:00:20 >> : identification payload
10/04/14 00:00:20 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/14 00:00:20 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:20 == : new phase2 iv ( 8 bytes )
10/04/14 00:00:20 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:20 >= : message 375e902a
10/04/14 00:00:20 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:20 == : encrypt packet ( 292 bytes )
10/04/14 00:00:20 == : stored iv ( 8 bytes )
10/04/14 00:00:20 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/14 00:00:20 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/14 00:00:24 DB : phase1 found
10/04/14 00:00:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:25 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:25 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/14 00:00:25 DB : phase1 found
10/04/14 00:00:25 ii : processing phase2 packet ( 300 bytes )
10/04/14 00:00:25 DB : phase2 found
10/04/14 00:00:25 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:25 =< : message 375e902a
10/04/14 00:00:25 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:25 == : decrypt packet ( 300 bytes )
10/04/14 00:00:25 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:25 <= : stored iv ( 8 bytes )
10/04/14 00:00:25 << : hash payload
10/04/14 00:00:25 << : security association payload
10/04/14 00:00:25 << : - propsal #1 payload
10/04/14 00:00:25 << : -- transform #1 payload
10/04/14 00:00:25 << : nonce payload
10/04/14 00:00:25 << : key exchange payload
10/04/14 00:00:25 << : identification payload
10/04/14 00:00:25 << : identification payload
10/04/14 00:00:25 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/14 00:00:25 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/14 00:00:25 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/14 00:00:25 ii : matched ipsec-esp proposal #1 transform #1
10/04/14 00:00:25 ii : - transform = esp-3des
10/04/14 00:00:25 ii : - key length = default
10/04/14 00:00:25 ii : - encap mode = udp-tunnel ( draft )
10/04/14 00:00:25 ii : - msg auth = hmac-sha
10/04/14 00:00:25 ii : - pfs dh group = modp-1024
10/04/14 00:00:25 ii : - life seconds = 3600
10/04/14 00:00:25 ii : - life kbytes = 0
10/04/14 00:00:25 DB : policy found
10/04/14 00:00:25 K> : send pfkey GETSPI ESP message
10/04/14 00:00:25 ii : phase2 ids accepted
10/04/14 00:00:25 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/14 00:00:25 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/14 00:00:25 ii : phase2 sa established
10/04/14 00:00:25 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/14 00:00:25 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/14 00:00:25 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/14 00:00:25 >> : hash payload
10/04/14 00:00:25 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:25 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:25 DB : phase2 found
10/04/14 00:00:25 >= : message 375e902a
10/04/14 00:00:25 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:25 == : encrypt packet ( 52 bytes )
10/04/14 00:00:25 == : stored iv ( 8 bytes )
10/04/14 00:00:25 DB : phase2 resend event canceled ( ref count = 1 )
10/04/14 00:00:25 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/14 00:00:25 == : PFS DH shared secret ( 128 bytes )
10/04/14 00:00:25 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:25 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:25 K> : send pfkey UPDATE ESP message
10/04/14 00:00:25 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:25 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:25 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:25 K> : send pfkey UPDATE ESP message
10/04/14 00:00:25 DB : phase1 found
10/04/14 00:00:25 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:00:25 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:25 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:25 ii : - data size 4
10/04/14 00:00:25 >> : hash payload
10/04/14 00:00:25 >> : notification payload
10/04/14 00:00:25 == : new informational hash ( 20 bytes )
10/04/14 00:00:25 == : new informational iv ( 8 bytes )
10/04/14 00:00:25 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:25 >= : message 58f7b11d
10/04/14 00:00:25 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:25 == : encrypt packet ( 84 bytes )
10/04/14 00:00:25 == : stored iv ( 8 bytes )
10/04/14 00:00:25 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:00:25 ii : DPD ARE-YOU-THERE sequence 31881856 requested
10/04/14 00:00:25 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:25 DB : phase1 found
10/04/14 00:00:25 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:25 DB : phase2 found
10/04/14 00:00:25 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:25 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:25 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:25 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:00:25 DB : phase1 found
10/04/14 00:00:25 ii : processing informational packet ( 92 bytes )
10/04/14 00:00:25 == : new informational iv ( 8 bytes )
10/04/14 00:00:25 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:25 =< : message 79854637
10/04/14 00:00:25 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:25 == : decrypt packet ( 92 bytes )
10/04/14 00:00:25 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:25 <= : stored iv ( 8 bytes )
10/04/14 00:00:25 << : hash payload
10/04/14 00:00:25 << : notification payload
10/04/14 00:00:25 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:25 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:00:25 ii : informational hash verified
10/04/14 00:00:25 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:00:25 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:00:25 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:25 ii : - data size 4
10/04/14 00:00:25 ii : DPD ARE-YOU-THERE-ACK sequence 31881856 accepted
10/04/14 00:00:25 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:00:25 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:25 DB : phase1 found
10/04/14 00:00:25 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:25 DB : phase2 found
10/04/14 00:00:25 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:25 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:25 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:25 DB : phase1 found
10/04/14 00:00:25 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:25 DB : phase2 found
10/04/14 00:00:25 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:25 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:26 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:26 DB : phase1 found
10/04/14 00:00:26 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:26 DB : phase2 found
10/04/14 00:00:26 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:26 ii : resend limit exceeded for phase2 exchange
10/04/14 00:00:26 DB : phase2 soft event canceled ( ref count = 2 )
10/04/14 00:00:26 DB : phase2 hard event canceled ( ref count = 1 )
10/04/14 00:00:26 DB : phase1 found
10/04/14 00:00:26 ii : sending peer DELETE message
10/04/14 00:00:26 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:26 ii : - ipsec-esp spi = 0x9445a5d8
10/04/14 00:00:26 ii : - data size 0
10/04/14 00:00:26 >> : hash payload
10/04/14 00:00:26 >> : delete payload
10/04/14 00:00:26 == : new informational hash ( 20 bytes )
10/04/14 00:00:26 == : new informational iv ( 8 bytes )
10/04/14 00:00:26 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:26 >= : message 5ebce9c6
10/04/14 00:00:26 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:26 == : encrypt packet ( 68 bytes )
10/04/14 00:00:26 == : stored iv ( 8 bytes )
10/04/14 00:00:26 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/14 00:00:26 K> : send pfkey DELETE ESP message
10/04/14 00:00:26 K> : send pfkey DELETE ESP message
10/04/14 00:00:26 ii : phase2 removal before expire time
10/04/14 00:00:26 DB : phase2 deleted ( obj count = 0 )
10/04/14 00:00:26 K< : recv pfkey DELETE ESP message
10/04/14 00:00:26 K< : recv pfkey DELETE ESP message
10/04/14 00:00:29 DB : phase1 found
10/04/14 00:00:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:34 DB : phase1 found
10/04/14 00:00:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:37 K< : recv pfkey ACQUIRE UNSPEC message
10/04/14 00:00:37 DB : policy found
10/04/14 00:00:37 DB : policy found
10/04/14 00:00:37 DB : tunnel found
10/04/14 00:00:37 DB : new phase2 ( IPSEC initiator )
10/04/14 00:00:37 DB : phase2 added ( obj count = 1 )
10/04/14 00:00:37 K> : send pfkey GETSPI ESP message
10/04/14 00:00:37 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:37 DB : phase2 found
10/04/14 00:00:37 ii : updated spi for 1 ipsec-esp proposal
10/04/14 00:00:37 DB : phase1 found
10/04/14 00:00:37 >> : hash payload
10/04/14 00:00:37 >> : security association payload
10/04/14 00:00:37 >> : - proposal #1 payload
10/04/14 00:00:37 >> : -- transform #1 payload
10/04/14 00:00:37 >> : nonce payload
10/04/14 00:00:37 >> : key exchange payload
10/04/14 00:00:37 >> : identification payload
10/04/14 00:00:37 >> : identification payload
10/04/14 00:00:37 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/14 00:00:37 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:37 == : new phase2 iv ( 8 bytes )
10/04/14 00:00:37 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:37 >= : message 1274f6a0
10/04/14 00:00:37 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:37 == : encrypt packet ( 292 bytes )
10/04/14 00:00:37 == : stored iv ( 8 bytes )
10/04/14 00:00:37 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/14 00:00:37 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/14 00:00:37 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/14 00:00:37 DB : phase1 found
10/04/14 00:00:37 ii : processing phase2 packet ( 300 bytes )
10/04/14 00:00:37 DB : phase2 found
10/04/14 00:00:37 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:37 =< : message 1274f6a0
10/04/14 00:00:37 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:37 == : decrypt packet ( 300 bytes )
10/04/14 00:00:37 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:37 <= : stored iv ( 8 bytes )
10/04/14 00:00:37 << : hash payload
10/04/14 00:00:37 << : security association payload
10/04/14 00:00:37 << : - propsal #1 payload
10/04/14 00:00:37 << : -- transform #1 payload
10/04/14 00:00:37 << : nonce payload
10/04/14 00:00:37 << : key exchange payload
10/04/14 00:00:37 << : identification payload
10/04/14 00:00:37 << : identification payload
10/04/14 00:00:37 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/14 00:00:37 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/14 00:00:37 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/14 00:00:37 ii : matched ipsec-esp proposal #1 transform #1
10/04/14 00:00:37 ii : - transform = esp-3des
10/04/14 00:00:37 ii : - key length = default
10/04/14 00:00:37 ii : - encap mode = udp-tunnel ( draft )
10/04/14 00:00:37 ii : - msg auth = hmac-sha
10/04/14 00:00:37 ii : - pfs dh group = modp-1024
10/04/14 00:00:37 ii : - life seconds = 3600
10/04/14 00:00:37 ii : - life kbytes = 0
10/04/14 00:00:37 DB : policy found
10/04/14 00:00:37 K> : send pfkey GETSPI ESP message
10/04/14 00:00:37 ii : phase2 ids accepted
10/04/14 00:00:37 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/14 00:00:37 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/14 00:00:37 ii : phase2 sa established
10/04/14 00:00:37 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/14 00:00:37 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:37 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/14 00:00:37 DB : phase2 found
10/04/14 00:00:37 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/14 00:00:37 >> : hash payload
10/04/14 00:00:37 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:37 >= : message 1274f6a0
10/04/14 00:00:37 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:37 == : encrypt packet ( 52 bytes )
10/04/14 00:00:37 == : stored iv ( 8 bytes )
10/04/14 00:00:37 DB : phase2 resend event canceled ( ref count = 1 )
10/04/14 00:00:37 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/14 00:00:38 == : PFS DH shared secret ( 128 bytes )
10/04/14 00:00:38 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:38 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:38 K> : send pfkey UPDATE ESP message
10/04/14 00:00:38 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:38 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:38 K> : send pfkey UPDATE ESP message
10/04/14 00:00:38 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:38 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:38 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:38 DB : phase1 found
10/04/14 00:00:38 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:38 DB : phase2 found
10/04/14 00:00:38 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:38 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:38 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:38 DB : phase1 found
10/04/14 00:00:38 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:38 DB : phase2 found
10/04/14 00:00:38 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:38 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:38 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:38 DB : phase1 found
10/04/14 00:00:38 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:38 DB : phase2 found
10/04/14 00:00:38 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:38 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:38 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:38 DB : phase1 found
10/04/14 00:00:38 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:38 DB : phase2 found
10/04/14 00:00:38 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:38 ii : resend limit exceeded for phase2 exchange
10/04/14 00:00:38 DB : phase2 soft event canceled ( ref count = 2 )
10/04/14 00:00:38 DB : phase2 hard event canceled ( ref count = 1 )
10/04/14 00:00:38 DB : phase1 found
10/04/14 00:00:38 ii : sending peer DELETE message
10/04/14 00:00:38 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:38 ii : - ipsec-esp spi = 0x761b3973
10/04/14 00:00:38 ii : - data size 0
10/04/14 00:00:38 >> : hash payload
10/04/14 00:00:38 >> : delete payload
10/04/14 00:00:38 == : new informational hash ( 20 bytes )
10/04/14 00:00:38 == : new informational iv ( 8 bytes )
10/04/14 00:00:38 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:38 >= : message ae6a2418
10/04/14 00:00:38 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:38 == : encrypt packet ( 68 bytes )
10/04/14 00:00:38 == : stored iv ( 8 bytes )
10/04/14 00:00:38 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/14 00:00:38 K> : send pfkey DELETE ESP message
10/04/14 00:00:38 K> : send pfkey DELETE ESP message
10/04/14 00:00:38 ii : phase2 removal before expire time
10/04/14 00:00:38 DB : phase2 deleted ( obj count = 0 )
10/04/14 00:00:38 K< : recv pfkey DELETE ESP message
10/04/14 00:00:38 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:38 DB : phase1 found
10/04/14 00:00:38 ii : processing informational packet ( 76 bytes )
10/04/14 00:00:38 == : new informational iv ( 8 bytes )
10/04/14 00:00:38 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:38 =< : message 804283e0
10/04/14 00:00:38 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:38 == : decrypt packet ( 76 bytes )
10/04/14 00:00:38 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:38 <= : stored iv ( 8 bytes )
10/04/14 00:00:38 << : hash payload
10/04/14 00:00:38 << : delete payload
10/04/14 00:00:38 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:38 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:00:38 ii : informational hash verified
10/04/14 00:00:38 ii : received peer DELETE message
10/04/14 00:00:38 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:00:38 ii : - ipsec-esp spi = 0x15eb66a9
10/04/14 00:00:38 DB : phase2 not found
10/04/14 00:00:38 K< : recv pfkey DELETE ESP message
10/04/14 00:00:39 DB : phase1 found
10/04/14 00:00:39 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:40 DB : phase1 found
10/04/14 00:00:40 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:00:40 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:40 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:40 ii : - data size 4
10/04/14 00:00:40 >> : hash payload
10/04/14 00:00:40 >> : notification payload
10/04/14 00:00:40 == : new informational hash ( 20 bytes )
10/04/14 00:00:40 == : new informational iv ( 8 bytes )
10/04/14 00:00:40 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:40 >= : message 45dab4ae
10/04/14 00:00:40 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:40 == : encrypt packet ( 84 bytes )
10/04/14 00:00:40 == : stored iv ( 8 bytes )
10/04/14 00:00:40 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:00:40 ii : DPD ARE-YOU-THERE sequence 31881857 requested
10/04/14 00:00:40 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:00:40 DB : phase1 found
10/04/14 00:00:40 ii : processing informational packet ( 92 bytes )
10/04/14 00:00:40 == : new informational iv ( 8 bytes )
10/04/14 00:00:40 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:40 =< : message dc1317b1
10/04/14 00:00:40 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:40 == : decrypt packet ( 92 bytes )
10/04/14 00:00:40 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:40 <= : stored iv ( 8 bytes )
10/04/14 00:00:40 << : hash payload
10/04/14 00:00:40 << : notification payload
10/04/14 00:00:40 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:40 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:00:40 ii : informational hash verified
10/04/14 00:00:40 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:00:40 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:00:40 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:40 ii : - data size 4
10/04/14 00:00:40 ii : DPD ARE-YOU-THERE-ACK sequence 31881857 accepted
10/04/14 00:00:40 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:00:44 DB : phase1 found
10/04/14 00:00:44 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:49 DB : phase1 found
10/04/14 00:00:49 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:54 DB : phase1 found
10/04/14 00:00:54 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:55 K< : recv pfkey ACQUIRE UNSPEC message
10/04/14 00:00:55 DB : policy found
10/04/14 00:00:55 DB : policy found
10/04/14 00:00:55 DB : tunnel found
10/04/14 00:00:55 DB : new phase2 ( IPSEC initiator )
10/04/14 00:00:55 DB : phase2 added ( obj count = 1 )
10/04/14 00:00:55 K> : send pfkey GETSPI ESP message
10/04/14 00:00:55 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:55 DB : phase2 found
10/04/14 00:00:55 ii : updated spi for 1 ipsec-esp proposal
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 >> : hash payload
10/04/14 00:00:55 >> : security association payload
10/04/14 00:00:55 >> : - proposal #1 payload
10/04/14 00:00:55 >> : -- transform #1 payload
10/04/14 00:00:55 >> : nonce payload
10/04/14 00:00:55 >> : key exchange payload
10/04/14 00:00:55 >> : identification payload
10/04/14 00:00:55 >> : identification payload
10/04/14 00:00:55 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/14 00:00:55 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:55 == : new phase2 iv ( 8 bytes )
10/04/14 00:00:55 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 >= : message 0185e4d4
10/04/14 00:00:55 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:55 == : encrypt packet ( 292 bytes )
10/04/14 00:00:55 == : stored iv ( 8 bytes )
10/04/14 00:00:55 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/14 00:00:55 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/14 00:00:55 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : processing phase2 packet ( 300 bytes )
10/04/14 00:00:55 DB : phase2 found
10/04/14 00:00:55 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 =< : message 0185e4d4
10/04/14 00:00:55 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:55 == : decrypt packet ( 300 bytes )
10/04/14 00:00:55 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:55 <= : stored iv ( 8 bytes )
10/04/14 00:00:55 << : hash payload
10/04/14 00:00:55 << : security association payload
10/04/14 00:00:55 << : - propsal #1 payload
10/04/14 00:00:55 << : -- transform #1 payload
10/04/14 00:00:55 << : nonce payload
10/04/14 00:00:55 << : key exchange payload
10/04/14 00:00:55 << : identification payload
10/04/14 00:00:55 << : identification payload
10/04/14 00:00:55 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/14 00:00:55 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/14 00:00:55 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/14 00:00:55 ii : matched ipsec-esp proposal #1 transform #1
10/04/14 00:00:55 ii : - transform = esp-3des
10/04/14 00:00:55 ii : - key length = default
10/04/14 00:00:55 ii : - encap mode = udp-tunnel ( draft )
10/04/14 00:00:55 ii : - msg auth = hmac-sha
10/04/14 00:00:55 ii : - pfs dh group = modp-1024
10/04/14 00:00:55 ii : - life seconds = 3600
10/04/14 00:00:55 ii : - life kbytes = 0
10/04/14 00:00:55 DB : policy found
10/04/14 00:00:55 K> : send pfkey GETSPI ESP message
10/04/14 00:00:55 ii : phase2 ids accepted
10/04/14 00:00:55 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/14 00:00:55 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/14 00:00:55 K< : recv pfkey GETSPI ESP message
10/04/14 00:00:55 DB : phase2 found
10/04/14 00:00:55 ii : phase2 sa established
10/04/14 00:00:55 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/14 00:00:55 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/14 00:00:55 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/14 00:00:55 >> : hash payload
10/04/14 00:00:55 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 >= : message 0185e4d4
10/04/14 00:00:55 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:55 == : encrypt packet ( 52 bytes )
10/04/14 00:00:55 == : stored iv ( 8 bytes )
10/04/14 00:00:55 DB : phase2 resend event canceled ( ref count = 1 )
10/04/14 00:00:55 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/14 00:00:55 == : PFS DH shared secret ( 128 bytes )
10/04/14 00:00:55 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:55 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:55 K> : send pfkey UPDATE ESP message
10/04/14 00:00:55 == : spi cipher key data ( 24 bytes )
10/04/14 00:00:55 == : spi hmac key data ( 20 bytes )
10/04/14 00:00:55 K> : send pfkey UPDATE ESP message
10/04/14 00:00:55 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:55 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:55 DB : phase2 found
10/04/14 00:00:55 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:55 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:55 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:55 DB : phase2 found
10/04/14 00:00:55 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:55 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:55 K< : recv pfkey UPDATE ESP message
10/04/14 00:00:55 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:55 DB : phase2 found
10/04/14 00:00:55 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:55 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:00:55 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:00:55 DB : phase2 found
10/04/14 00:00:55 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:00:55 ii : resend limit exceeded for phase2 exchange
10/04/14 00:00:55 DB : phase2 soft event canceled ( ref count = 2 )
10/04/14 00:00:55 DB : phase2 hard event canceled ( ref count = 1 )
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : sending peer DELETE message
10/04/14 00:00:55 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:55 ii : - ipsec-esp spi = 0x9510ab43
10/04/14 00:00:55 ii : - data size 0
10/04/14 00:00:55 >> : hash payload
10/04/14 00:00:55 >> : delete payload
10/04/14 00:00:55 == : new informational hash ( 20 bytes )
10/04/14 00:00:55 == : new informational iv ( 8 bytes )
10/04/14 00:00:55 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 >= : message a1b79c16
10/04/14 00:00:55 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:55 == : encrypt packet ( 68 bytes )
10/04/14 00:00:55 == : stored iv ( 8 bytes )
10/04/14 00:00:55 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/14 00:00:55 K> : send pfkey DELETE ESP message
10/04/14 00:00:55 K> : send pfkey DELETE ESP message
10/04/14 00:00:55 ii : phase2 removal before expire time
10/04/14 00:00:55 DB : phase2 deleted ( obj count = 0 )
10/04/14 00:00:55 K< : recv pfkey DELETE ESP message
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:00:55 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:00:55 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 ii : - data size 4
10/04/14 00:00:55 >> : hash payload
10/04/14 00:00:55 >> : notification payload
10/04/14 00:00:55 == : new informational hash ( 20 bytes )
10/04/14 00:00:55 == : new informational iv ( 8 bytes )
10/04/14 00:00:55 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 >= : message 17549703
10/04/14 00:00:55 >= : encrypt iv ( 8 bytes )
10/04/14 00:00:55 == : encrypt packet ( 84 bytes )
10/04/14 00:00:55 == : stored iv ( 8 bytes )
10/04/14 00:00:55 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:00:55 ii : DPD ARE-YOU-THERE sequence 31881858 requested
10/04/14 00:00:55 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:00:55 DB : phase1 found
10/04/14 00:00:55 ii : processing informational packet ( 92 bytes )
10/04/14 00:00:55 == : new informational iv ( 8 bytes )
10/04/14 00:00:55 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 =< : message 5aebfd4e
10/04/14 00:00:55 =< : decrypt iv ( 8 bytes )
10/04/14 00:00:55 == : decrypt packet ( 92 bytes )
10/04/14 00:00:55 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:00:55 <= : stored iv ( 8 bytes )
10/04/14 00:00:55 << : hash payload
10/04/14 00:00:55 << : notification payload
10/04/14 00:00:55 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:00:55 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:00:55 ii : informational hash verified
10/04/14 00:00:55 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:00:55 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:00:55 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:00:55 ii : - data size 4
10/04/14 00:00:55 ii : DPD ARE-YOU-THERE-ACK sequence 31881858 accepted
10/04/14 00:00:55 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:00:55 K< : recv pfkey DELETE ESP message
10/04/14 00:00:59 DB : phase1 found
10/04/14 00:00:59 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:04 DB : phase1 found
10/04/14 00:01:04 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:09 DB : phase1 found
10/04/14 00:01:09 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:10 DB : phase1 found
10/04/14 00:01:10 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:01:10 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:01:10 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:10 ii : - data size 4
10/04/14 00:01:10 >> : hash payload
10/04/14 00:01:10 >> : notification payload
10/04/14 00:01:10 == : new informational hash ( 20 bytes )
10/04/14 00:01:10 == : new informational iv ( 8 bytes )
10/04/14 00:01:10 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:10 >= : message 14a6da37
10/04/14 00:01:10 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:10 == : encrypt packet ( 84 bytes )
10/04/14 00:01:10 == : stored iv ( 8 bytes )
10/04/14 00:01:10 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:01:10 ii : DPD ARE-YOU-THERE sequence 31881859 requested
10/04/14 00:01:10 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:01:10 DB : phase1 found
10/04/14 00:01:10 ii : processing informational packet ( 92 bytes )
10/04/14 00:01:10 == : new informational iv ( 8 bytes )
10/04/14 00:01:10 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:10 =< : message 1979ec8e
10/04/14 00:01:10 =< : decrypt iv ( 8 bytes )
10/04/14 00:01:10 == : decrypt packet ( 92 bytes )
10/04/14 00:01:10 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:01:10 <= : stored iv ( 8 bytes )
10/04/14 00:01:10 << : hash payload
10/04/14 00:01:10 << : notification payload
10/04/14 00:01:10 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:01:10 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:01:10 ii : informational hash verified
10/04/14 00:01:10 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:01:10 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:01:10 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:10 ii : - data size 4
10/04/14 00:01:10 ii : DPD ARE-YOU-THERE-ACK sequence 31881859 accepted
10/04/14 00:01:10 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:01:12 K< : recv pfkey ACQUIRE UNSPEC message
10/04/14 00:01:12 DB : policy found
10/04/14 00:01:12 DB : policy found
10/04/14 00:01:12 DB : tunnel found
10/04/14 00:01:12 DB : new phase2 ( IPSEC initiator )
10/04/14 00:01:12 DB : phase2 added ( obj count = 1 )
10/04/14 00:01:12 K> : send pfkey GETSPI ESP message
10/04/14 00:01:12 K< : recv pfkey GETSPI ESP message
10/04/14 00:01:12 DB : phase2 found
10/04/14 00:01:12 ii : updated spi for 1 ipsec-esp proposal
10/04/14 00:01:12 DB : phase1 found
10/04/14 00:01:12 >> : hash payload
10/04/14 00:01:12 >> : security association payload
10/04/14 00:01:12 >> : - proposal #1 payload
10/04/14 00:01:12 >> : -- transform #1 payload
10/04/14 00:01:12 >> : nonce payload
10/04/14 00:01:12 >> : key exchange payload
10/04/14 00:01:12 >> : identification payload
10/04/14 00:01:12 >> : identification payload
10/04/14 00:01:12 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/14 00:01:12 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/14 00:01:12 == : new phase2 iv ( 8 bytes )
10/04/14 00:01:12 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:12 >= : message 2671c08b
10/04/14 00:01:12 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:12 == : encrypt packet ( 292 bytes )
10/04/14 00:01:12 == : stored iv ( 8 bytes )
10/04/14 00:01:12 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/14 00:01:12 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/14 00:01:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/14 00:01:12 DB : phase1 found
10/04/14 00:01:12 ii : processing phase2 packet ( 300 bytes )
10/04/14 00:01:12 DB : phase2 found
10/04/14 00:01:12 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:12 =< : message 2671c08b
10/04/14 00:01:12 =< : decrypt iv ( 8 bytes )
10/04/14 00:01:12 == : decrypt packet ( 300 bytes )
10/04/14 00:01:12 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:01:12 <= : stored iv ( 8 bytes )
10/04/14 00:01:12 << : hash payload
10/04/14 00:01:12 << : security association payload
10/04/14 00:01:12 << : - propsal #1 payload
10/04/14 00:01:12 << : -- transform #1 payload
10/04/14 00:01:12 << : nonce payload
10/04/14 00:01:12 << : key exchange payload
10/04/14 00:01:12 << : identification payload
10/04/14 00:01:12 << : identification payload
10/04/14 00:01:12 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/14 00:01:12 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/14 00:01:12 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/14 00:01:12 ii : matched ipsec-esp proposal #1 transform #1
10/04/14 00:01:12 ii : - transform = esp-3des
10/04/14 00:01:12 ii : - key length = default
10/04/14 00:01:12 ii : - encap mode = udp-tunnel ( draft )
10/04/14 00:01:12 ii : - msg auth = hmac-sha
10/04/14 00:01:12 ii : - pfs dh group = modp-1024
10/04/14 00:01:12 ii : - life seconds = 3600
10/04/14 00:01:12 ii : - life kbytes = 0
10/04/14 00:01:12 DB : policy found
10/04/14 00:01:12 K> : send pfkey GETSPI ESP message
10/04/14 00:01:12 ii : phase2 ids accepted
10/04/14 00:01:12 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/14 00:01:12 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/14 00:01:12 ii : phase2 sa established
10/04/14 00:01:12 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/14 00:01:12 K< : recv pfkey GETSPI ESP message
10/04/14 00:01:12 DB : phase2 found
10/04/14 00:01:12 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/14 00:01:12 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/14 00:01:12 >> : hash payload
10/04/14 00:01:12 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:12 >= : message 2671c08b
10/04/14 00:01:12 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:12 == : encrypt packet ( 52 bytes )
10/04/14 00:01:12 == : stored iv ( 8 bytes )
10/04/14 00:01:12 DB : phase2 resend event canceled ( ref count = 1 )
10/04/14 00:01:12 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/14 00:01:13 == : PFS DH shared secret ( 128 bytes )
10/04/14 00:01:13 == : spi cipher key data ( 24 bytes )
10/04/14 00:01:13 == : spi hmac key data ( 20 bytes )
10/04/14 00:01:13 K> : send pfkey UPDATE ESP message
10/04/14 00:01:13 == : spi cipher key data ( 24 bytes )
10/04/14 00:01:13 == : spi hmac key data ( 20 bytes )
10/04/14 00:01:13 K< : recv pfkey UPDATE ESP message
10/04/14 00:01:13 K> : send pfkey UPDATE ESP message
10/04/14 00:01:13 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:13 DB : phase1 found
10/04/14 00:01:13 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:13 DB : phase2 found
10/04/14 00:01:13 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:13 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:13 K< : recv pfkey UPDATE ESP message
10/04/14 00:01:13 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:13 DB : phase1 found
10/04/14 00:01:13 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:13 DB : phase2 found
10/04/14 00:01:13 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:13 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:13 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:13 DB : phase1 found
10/04/14 00:01:13 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:13 DB : phase2 found
10/04/14 00:01:13 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:13 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:13 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:13 DB : phase1 found
10/04/14 00:01:13 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:13 DB : phase2 found
10/04/14 00:01:13 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:13 ii : resend limit exceeded for phase2 exchange
10/04/14 00:01:13 DB : phase2 soft event canceled ( ref count = 2 )
10/04/14 00:01:13 DB : phase2 hard event canceled ( ref count = 1 )
10/04/14 00:01:13 DB : phase1 found
10/04/14 00:01:13 ii : sending peer DELETE message
10/04/14 00:01:13 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:01:13 ii : - ipsec-esp spi = 0x2186733d
10/04/14 00:01:13 ii : - data size 0
10/04/14 00:01:13 >> : hash payload
10/04/14 00:01:13 >> : delete payload
10/04/14 00:01:13 == : new informational hash ( 20 bytes )
10/04/14 00:01:13 == : new informational iv ( 8 bytes )
10/04/14 00:01:13 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:13 >= : message 2ebc7019
10/04/14 00:01:13 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:13 == : encrypt packet ( 68 bytes )
10/04/14 00:01:13 == : stored iv ( 8 bytes )
10/04/14 00:01:13 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/14 00:01:13 K> : send pfkey DELETE ESP message
10/04/14 00:01:13 K> : send pfkey DELETE ESP message
10/04/14 00:01:13 ii : phase2 removal before expire time
10/04/14 00:01:13 DB : phase2 deleted ( obj count = 0 )
10/04/14 00:01:13 K< : recv pfkey DELETE ESP message
10/04/14 00:01:13 K< : recv pfkey DELETE ESP message
10/04/14 00:01:14 DB : phase1 found
10/04/14 00:01:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:19 DB : phase1 found
10/04/14 00:01:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:24 DB : phase1 found
10/04/14 00:01:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:25 DB : phase1 found
10/04/14 00:01:25 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:01:25 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:01:25 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:25 ii : - data size 4
10/04/14 00:01:25 >> : hash payload
10/04/14 00:01:25 >> : notification payload
10/04/14 00:01:25 == : new informational hash ( 20 bytes )
10/04/14 00:01:25 == : new informational iv ( 8 bytes )
10/04/14 00:01:25 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:25 >= : message c4cf2425
10/04/14 00:01:25 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:25 == : encrypt packet ( 84 bytes )
10/04/14 00:01:25 == : stored iv ( 8 bytes )
10/04/14 00:01:25 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:01:25 ii : DPD ARE-YOU-THERE sequence 3188185a requested
10/04/14 00:01:25 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:01:25 DB : phase1 found
10/04/14 00:01:25 ii : processing informational packet ( 92 bytes )
10/04/14 00:01:25 == : new informational iv ( 8 bytes )
10/04/14 00:01:25 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:25 =< : message 425df917
10/04/14 00:01:25 =< : decrypt iv ( 8 bytes )
10/04/14 00:01:25 == : decrypt packet ( 92 bytes )
10/04/14 00:01:25 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:01:25 <= : stored iv ( 8 bytes )
10/04/14 00:01:25 << : hash payload
10/04/14 00:01:25 << : notification payload
10/04/14 00:01:25 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:01:25 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:01:25 ii : informational hash verified
10/04/14 00:01:25 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:01:25 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:01:25 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:25 ii : - data size 4
10/04/14 00:01:25 ii : DPD ARE-YOU-THERE-ACK sequence 3188185a accepted
10/04/14 00:01:25 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:01:28 K< : recv pfkey ACQUIRE UNSPEC message
10/04/14 00:01:28 DB : policy found
10/04/14 00:01:28 DB : policy found
10/04/14 00:01:28 DB : tunnel found
10/04/14 00:01:28 DB : new phase2 ( IPSEC initiator )
10/04/14 00:01:28 DB : phase2 added ( obj count = 1 )
10/04/14 00:01:28 K> : send pfkey GETSPI ESP message
10/04/14 00:01:28 K< : recv pfkey GETSPI ESP message
10/04/14 00:01:28 DB : phase2 found
10/04/14 00:01:28 ii : updated spi for 1 ipsec-esp proposal
10/04/14 00:01:28 DB : phase1 found
10/04/14 00:01:28 >> : hash payload
10/04/14 00:01:28 >> : security association payload
10/04/14 00:01:28 >> : - proposal #1 payload
10/04/14 00:01:28 >> : -- transform #1 payload
10/04/14 00:01:28 >> : nonce payload
10/04/14 00:01:28 >> : key exchange payload
10/04/14 00:01:28 >> : identification payload
10/04/14 00:01:28 >> : identification payload
10/04/14 00:01:28 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/14 00:01:28 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/14 00:01:28 == : new phase2 iv ( 8 bytes )
10/04/14 00:01:28 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:28 >= : message 8b5cc443
10/04/14 00:01:28 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:28 == : encrypt packet ( 292 bytes )
10/04/14 00:01:28 == : stored iv ( 8 bytes )
10/04/14 00:01:28 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/14 00:01:28 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/14 00:01:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/14 00:01:29 DB : phase1 found
10/04/14 00:01:29 ii : processing phase2 packet ( 300 bytes )
10/04/14 00:01:29 DB : phase2 found
10/04/14 00:01:29 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:29 =< : message 8b5cc443
10/04/14 00:01:29 =< : decrypt iv ( 8 bytes )
10/04/14 00:01:29 == : decrypt packet ( 300 bytes )
10/04/14 00:01:29 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:01:29 <= : stored iv ( 8 bytes )
10/04/14 00:01:29 << : hash payload
10/04/14 00:01:29 << : security association payload
10/04/14 00:01:29 << : - propsal #1 payload
10/04/14 00:01:29 << : -- transform #1 payload
10/04/14 00:01:29 << : nonce payload
10/04/14 00:01:29 << : key exchange payload
10/04/14 00:01:29 << : identification payload
10/04/14 00:01:29 << : identification payload
10/04/14 00:01:29 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/14 00:01:29 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/14 00:01:29 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/14 00:01:29 ii : matched ipsec-esp proposal #1 transform #1
10/04/14 00:01:29 ii : - transform = esp-3des
10/04/14 00:01:29 ii : - key length = default
10/04/14 00:01:29 ii : - encap mode = udp-tunnel ( draft )
10/04/14 00:01:29 ii : - msg auth = hmac-sha
10/04/14 00:01:29 ii : - pfs dh group = modp-1024
10/04/14 00:01:29 ii : - life seconds = 3600
10/04/14 00:01:29 ii : - life kbytes = 0
10/04/14 00:01:29 DB : policy found
10/04/14 00:01:29 K> : send pfkey GETSPI ESP message
10/04/14 00:01:29 ii : phase2 ids accepted
10/04/14 00:01:29 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/14 00:01:29 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/14 00:01:29 ii : phase2 sa established
10/04/14 00:01:29 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/14 00:01:29 K< : recv pfkey GETSPI ESP message
10/04/14 00:01:29 DB : phase2 found
10/04/14 00:01:29 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/14 00:01:29 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/14 00:01:29 >> : hash payload
10/04/14 00:01:29 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:29 >= : message 8b5cc443
10/04/14 00:01:29 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:29 == : encrypt packet ( 52 bytes )
10/04/14 00:01:29 == : stored iv ( 8 bytes )
10/04/14 00:01:29 DB : phase2 resend event canceled ( ref count = 1 )
10/04/14 00:01:29 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/14 00:01:29 == : PFS DH shared secret ( 128 bytes )
10/04/14 00:01:29 == : spi cipher key data ( 24 bytes )
10/04/14 00:01:29 == : spi hmac key data ( 20 bytes )
10/04/14 00:01:29 K> : send pfkey UPDATE ESP message
10/04/14 00:01:29 == : spi cipher key data ( 24 bytes )
10/04/14 00:01:29 == : spi hmac key data ( 20 bytes )
10/04/14 00:01:29 K> : send pfkey UPDATE ESP message
10/04/14 00:01:29 K< : recv pfkey UPDATE ESP message
10/04/14 00:01:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:29 DB : phase1 found
10/04/14 00:01:29 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:29 DB : phase2 found
10/04/14 00:01:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:29 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:29 DB : phase1 found
10/04/14 00:01:29 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:29 DB : phase2 found
10/04/14 00:01:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:29 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:29 K< : recv pfkey UPDATE ESP message
10/04/14 00:01:29 DB : phase1 found
10/04/14 00:01:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:29 DB : phase1 found
10/04/14 00:01:29 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:29 DB : phase2 found
10/04/14 00:01:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:29 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:29 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:29 DB : phase1 found
10/04/14 00:01:29 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:29 DB : phase2 found
10/04/14 00:01:29 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:29 ii : resend limit exceeded for phase2 exchange
10/04/14 00:01:29 DB : phase2 soft event canceled ( ref count = 2 )
10/04/14 00:01:29 DB : phase2 hard event canceled ( ref count = 1 )
10/04/14 00:01:29 DB : phase1 found
10/04/14 00:01:29 ii : sending peer DELETE message
10/04/14 00:01:29 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:01:29 ii : - ipsec-esp spi = 0xd9eab651
10/04/14 00:01:29 ii : - data size 0
10/04/14 00:01:29 >> : hash payload
10/04/14 00:01:29 >> : delete payload
10/04/14 00:01:29 == : new informational hash ( 20 bytes )
10/04/14 00:01:29 == : new informational iv ( 8 bytes )
10/04/14 00:01:29 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:29 >= : message c8859b32
10/04/14 00:01:29 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:29 == : encrypt packet ( 68 bytes )
10/04/14 00:01:29 == : stored iv ( 8 bytes )
10/04/14 00:01:29 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/14 00:01:29 K> : send pfkey DELETE ESP message
10/04/14 00:01:29 K> : send pfkey DELETE ESP message
10/04/14 00:01:29 ii : phase2 removal before expire time
10/04/14 00:01:29 DB : phase2 deleted ( obj count = 0 )
10/04/14 00:01:29 K< : recv pfkey DELETE ESP message
10/04/14 00:01:29 K< : recv pfkey DELETE ESP message
10/04/14 00:01:34 DB : phase1 found
10/04/14 00:01:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:39 DB : phase1 found
10/04/14 00:01:39 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:40 DB : phase1 found
10/04/14 00:01:40 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:01:40 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:01:40 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:40 ii : - data size 4
10/04/14 00:01:40 >> : hash payload
10/04/14 00:01:40 >> : notification payload
10/04/14 00:01:40 == : new informational hash ( 20 bytes )
10/04/14 00:01:40 == : new informational iv ( 8 bytes )
10/04/14 00:01:40 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:40 >= : message e0d200ea
10/04/14 00:01:40 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:40 == : encrypt packet ( 84 bytes )
10/04/14 00:01:40 == : stored iv ( 8 bytes )
10/04/14 00:01:40 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:01:40 ii : DPD ARE-YOU-THERE sequence 3188185b requested
10/04/14 00:01:41 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:01:41 DB : phase1 found
10/04/14 00:01:41 ii : processing informational packet ( 92 bytes )
10/04/14 00:01:41 == : new informational iv ( 8 bytes )
10/04/14 00:01:41 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:41 =< : message 845d18c1
10/04/14 00:01:41 =< : decrypt iv ( 8 bytes )
10/04/14 00:01:41 == : decrypt packet ( 92 bytes )
10/04/14 00:01:41 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:01:41 <= : stored iv ( 8 bytes )
10/04/14 00:01:41 << : hash payload
10/04/14 00:01:41 << : notification payload
10/04/14 00:01:41 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:01:41 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:01:41 ii : informational hash verified
10/04/14 00:01:41 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:01:41 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:01:41 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:41 ii : - data size 4
10/04/14 00:01:41 ii : DPD ARE-YOU-THERE-ACK sequence 3188185b accepted
10/04/14 00:01:41 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:01:44 DB : phase1 found
10/04/14 00:01:44 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:46 K< : recv pfkey ACQUIRE UNSPEC message
10/04/14 00:01:46 DB : policy found
10/04/14 00:01:46 DB : policy found
10/04/14 00:01:46 DB : tunnel found
10/04/14 00:01:46 DB : new phase2 ( IPSEC initiator )
10/04/14 00:01:46 DB : phase2 added ( obj count = 1 )
10/04/14 00:01:46 K> : send pfkey GETSPI ESP message
10/04/14 00:01:46 K< : recv pfkey GETSPI ESP message
10/04/14 00:01:46 DB : phase2 found
10/04/14 00:01:46 ii : updated spi for 1 ipsec-esp proposal
10/04/14 00:01:46 DB : phase1 found
10/04/14 00:01:46 >> : hash payload
10/04/14 00:01:46 >> : security association payload
10/04/14 00:01:46 >> : - proposal #1 payload
10/04/14 00:01:46 >> : -- transform #1 payload
10/04/14 00:01:46 >> : nonce payload
10/04/14 00:01:46 >> : key exchange payload
10/04/14 00:01:46 >> : identification payload
10/04/14 00:01:46 >> : identification payload
10/04/14 00:01:46 == : phase2 hash_i ( input ) ( 244 bytes )
10/04/14 00:01:46 == : phase2 hash_i ( computed ) ( 20 bytes )
10/04/14 00:01:46 == : new phase2 iv ( 8 bytes )
10/04/14 00:01:46 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:46 >= : message 5b732dff
10/04/14 00:01:46 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:46 == : encrypt packet ( 292 bytes )
10/04/14 00:01:46 == : stored iv ( 8 bytes )
10/04/14 00:01:46 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 324 bytes )
10/04/14 00:01:46 DB : phase2 resend event scheduled ( ref count = 2 )
10/04/14 00:01:46 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 300 bytes )
10/04/14 00:01:46 DB : phase1 found
10/04/14 00:01:46 ii : processing phase2 packet ( 300 bytes )
10/04/14 00:01:46 DB : phase2 found
10/04/14 00:01:46 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:46 =< : message 5b732dff
10/04/14 00:01:46 =< : decrypt iv ( 8 bytes )
10/04/14 00:01:46 == : decrypt packet ( 300 bytes )
10/04/14 00:01:46 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:01:46 <= : stored iv ( 8 bytes )
10/04/14 00:01:46 << : hash payload
10/04/14 00:01:46 << : security association payload
10/04/14 00:01:46 << : - propsal #1 payload
10/04/14 00:01:46 << : -- transform #1 payload
10/04/14 00:01:46 << : nonce payload
10/04/14 00:01:46 << : key exchange payload
10/04/14 00:01:46 << : identification payload
10/04/14 00:01:46 << : identification payload
10/04/14 00:01:46 == : phase2 hash_r ( input ) ( 264 bytes )
10/04/14 00:01:46 == : phase2 hash_r ( computed ) ( 20 bytes )
10/04/14 00:01:46 == : phase2 hash_r ( received ) ( 20 bytes )
10/04/14 00:01:46 ii : matched ipsec-esp proposal #1 transform #1
10/04/14 00:01:46 ii : - transform = esp-3des
10/04/14 00:01:46 ii : - key length = default
10/04/14 00:01:46 ii : - encap mode = udp-tunnel ( draft )
10/04/14 00:01:46 ii : - msg auth = hmac-sha
10/04/14 00:01:46 ii : - pfs dh group = modp-1024
10/04/14 00:01:46 ii : - life seconds = 3600
10/04/14 00:01:46 ii : - life kbytes = 0
10/04/14 00:01:46 DB : policy found
10/04/14 00:01:46 K> : send pfkey GETSPI ESP message
10/04/14 00:01:46 ii : phase2 ids accepted
10/04/14 00:01:46 ii : - loc ANY:172.16.19.9:* -> ANY:172.16.0.0/12:*
10/04/14 00:01:46 ii : - rmt ANY:172.16.0.0/12:* -> ANY:172.16.19.9:*
10/04/14 00:01:46 ii : phase2 sa established
10/04/14 00:01:46 ii : 10.1.1.100:4500 <-> 200.200.200.200:4500
10/04/14 00:01:46 K< : recv pfkey GETSPI ESP message
10/04/14 00:01:46 DB : phase2 found
10/04/14 00:01:46 == : phase2 hash_p ( input ) ( 45 bytes )
10/04/14 00:01:46 == : phase2 hash_p ( computed ) ( 20 bytes )
10/04/14 00:01:46 >> : hash payload
10/04/14 00:01:46 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:46 >= : message 5b732dff
10/04/14 00:01:46 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:46 == : encrypt packet ( 52 bytes )
10/04/14 00:01:46 == : stored iv ( 8 bytes )
10/04/14 00:01:46 DB : phase2 resend event canceled ( ref count = 1 )
10/04/14 00:01:46 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 84 bytes )
10/04/14 00:01:47 == : PFS DH shared secret ( 128 bytes )
10/04/14 00:01:47 == : spi cipher key data ( 24 bytes )
10/04/14 00:01:47 == : spi hmac key data ( 20 bytes )
10/04/14 00:01:47 K> : send pfkey UPDATE ESP message
10/04/14 00:01:47 == : spi cipher key data ( 24 bytes )
10/04/14 00:01:47 == : spi hmac key data ( 20 bytes )
10/04/14 00:01:47 K< : recv pfkey UPDATE ESP message
10/04/14 00:01:47 K> : send pfkey UPDATE ESP message
10/04/14 00:01:47 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:47 DB : phase1 found
10/04/14 00:01:47 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:47 DB : phase2 found
10/04/14 00:01:47 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:47 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:47 K< : recv pfkey UPDATE ESP message
10/04/14 00:01:47 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 76 bytes )
10/04/14 00:01:47 DB : phase1 found
10/04/14 00:01:47 ii : processing phase2 packet ( 76 bytes )
10/04/14 00:01:47 DB : phase2 found
10/04/14 00:01:47 !! : phase2 packet ignored, resending last packet (
phase2 already mature )
10/04/14 00:01:47 -> : resend 1 phase2 packet(s) 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:49 DB : phase1 found
10/04/14 00:01:49 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:54 DB : phase1 found
10/04/14 00:01:54 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:01:56 DB : phase1 found
10/04/14 00:01:56 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:01:56 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:01:56 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:56 ii : - data size 4
10/04/14 00:01:56 >> : hash payload
10/04/14 00:01:56 >> : notification payload
10/04/14 00:01:56 == : new informational hash ( 20 bytes )
10/04/14 00:01:56 == : new informational iv ( 8 bytes )
10/04/14 00:01:56 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:56 >= : message 006e4e85
10/04/14 00:01:56 >= : encrypt iv ( 8 bytes )
10/04/14 00:01:56 == : encrypt packet ( 84 bytes )
10/04/14 00:01:56 == : stored iv ( 8 bytes )
10/04/14 00:01:56 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:01:56 ii : DPD ARE-YOU-THERE sequence 3188185c requested
10/04/14 00:01:56 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:01:56 DB : phase1 found
10/04/14 00:01:56 ii : processing informational packet ( 92 bytes )
10/04/14 00:01:56 == : new informational iv ( 8 bytes )
10/04/14 00:01:56 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:56 =< : message d89b7536
10/04/14 00:01:56 =< : decrypt iv ( 8 bytes )
10/04/14 00:01:56 == : decrypt packet ( 92 bytes )
10/04/14 00:01:56 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:01:56 <= : stored iv ( 8 bytes )
10/04/14 00:01:56 << : hash payload
10/04/14 00:01:56 << : notification payload
10/04/14 00:01:56 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:01:56 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:01:56 ii : informational hash verified
10/04/14 00:01:56 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:01:56 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:01:56 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:01:56 ii : - data size 4
10/04/14 00:01:56 ii : DPD ARE-YOU-THERE-ACK sequence 3188185c accepted
10/04/14 00:01:56 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:01:59 DB : phase1 found
10/04/14 00:01:59 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:04 DB : phase1 found
10/04/14 00:02:04 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:09 DB : phase1 found
10/04/14 00:02:09 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:11 DB : phase1 found
10/04/14 00:02:11 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:02:11 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:02:11 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:11 ii : - data size 4
10/04/14 00:02:11 >> : hash payload
10/04/14 00:02:11 >> : notification payload
10/04/14 00:02:11 == : new informational hash ( 20 bytes )
10/04/14 00:02:11 == : new informational iv ( 8 bytes )
10/04/14 00:02:11 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:11 >= : message 4b1c1fe3
10/04/14 00:02:11 >= : encrypt iv ( 8 bytes )
10/04/14 00:02:11 == : encrypt packet ( 84 bytes )
10/04/14 00:02:11 == : stored iv ( 8 bytes )
10/04/14 00:02:11 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:02:11 ii : DPD ARE-YOU-THERE sequence 3188185d requested
10/04/14 00:02:11 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:02:11 DB : phase1 found
10/04/14 00:02:11 ii : processing informational packet ( 92 bytes )
10/04/14 00:02:11 == : new informational iv ( 8 bytes )
10/04/14 00:02:11 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:11 =< : message 0dae67e5
10/04/14 00:02:11 =< : decrypt iv ( 8 bytes )
10/04/14 00:02:11 == : decrypt packet ( 92 bytes )
10/04/14 00:02:11 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:02:11 <= : stored iv ( 8 bytes )
10/04/14 00:02:11 << : hash payload
10/04/14 00:02:11 << : notification payload
10/04/14 00:02:11 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:02:11 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:02:11 ii : informational hash verified
10/04/14 00:02:11 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:02:11 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:02:11 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:11 ii : - data size 4
10/04/14 00:02:11 ii : DPD ARE-YOU-THERE-ACK sequence 3188185d accepted
10/04/14 00:02:11 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:02:14 DB : phase1 found
10/04/14 00:02:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:19 DB : phase1 found
10/04/14 00:02:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:24 DB : phase1 found
10/04/14 00:02:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:26 DB : phase1 found
10/04/14 00:02:26 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:02:26 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:02:26 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:26 ii : - data size 4
10/04/14 00:02:26 >> : hash payload
10/04/14 00:02:26 >> : notification payload
10/04/14 00:02:26 == : new informational hash ( 20 bytes )
10/04/14 00:02:26 == : new informational iv ( 8 bytes )
10/04/14 00:02:26 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:26 >= : message 9b7873d6
10/04/14 00:02:26 >= : encrypt iv ( 8 bytes )
10/04/14 00:02:26 == : encrypt packet ( 84 bytes )
10/04/14 00:02:26 == : stored iv ( 8 bytes )
10/04/14 00:02:26 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:02:26 ii : DPD ARE-YOU-THERE sequence 3188185e requested
10/04/14 00:02:26 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:02:26 DB : phase1 found
10/04/14 00:02:26 ii : processing informational packet ( 92 bytes )
10/04/14 00:02:26 == : new informational iv ( 8 bytes )
10/04/14 00:02:26 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:26 =< : message 96416b51
10/04/14 00:02:26 =< : decrypt iv ( 8 bytes )
10/04/14 00:02:26 == : decrypt packet ( 92 bytes )
10/04/14 00:02:26 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:02:26 <= : stored iv ( 8 bytes )
10/04/14 00:02:26 << : hash payload
10/04/14 00:02:26 << : notification payload
10/04/14 00:02:26 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:02:26 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:02:26 ii : informational hash verified
10/04/14 00:02:26 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:02:26 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:02:26 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:26 ii : - data size 4
10/04/14 00:02:26 ii : DPD ARE-YOU-THERE-ACK sequence 3188185e accepted
10/04/14 00:02:26 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:02:29 DB : phase1 found
10/04/14 00:02:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:34 DB : phase1 found
10/04/14 00:02:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:39 DB : phase1 found
10/04/14 00:02:39 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:41 DB : phase1 found
10/04/14 00:02:41 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:02:41 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:02:41 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:41 ii : - data size 4
10/04/14 00:02:41 >> : hash payload
10/04/14 00:02:41 >> : notification payload
10/04/14 00:02:41 == : new informational hash ( 20 bytes )
10/04/14 00:02:41 == : new informational iv ( 8 bytes )
10/04/14 00:02:41 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:41 >= : message 448c2d9c
10/04/14 00:02:41 >= : encrypt iv ( 8 bytes )
10/04/14 00:02:41 == : encrypt packet ( 84 bytes )
10/04/14 00:02:41 == : stored iv ( 8 bytes )
10/04/14 00:02:41 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:02:41 ii : DPD ARE-YOU-THERE sequence 3188185f requested
10/04/14 00:02:41 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:02:41 DB : phase1 found
10/04/14 00:02:41 ii : processing informational packet ( 92 bytes )
10/04/14 00:02:41 == : new informational iv ( 8 bytes )
10/04/14 00:02:41 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:41 =< : message ac87e751
10/04/14 00:02:41 =< : decrypt iv ( 8 bytes )
10/04/14 00:02:41 == : decrypt packet ( 92 bytes )
10/04/14 00:02:41 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:02:41 <= : stored iv ( 8 bytes )
10/04/14 00:02:41 << : hash payload
10/04/14 00:02:41 << : notification payload
10/04/14 00:02:41 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:02:41 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:02:41 ii : informational hash verified
10/04/14 00:02:41 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:02:41 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:02:41 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:41 ii : - data size 4
10/04/14 00:02:41 ii : DPD ARE-YOU-THERE-ACK sequence 3188185f accepted
10/04/14 00:02:41 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:02:44 DB : phase1 found
10/04/14 00:02:44 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:49 DB : phase1 found
10/04/14 00:02:49 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:54 DB : phase1 found
10/04/14 00:02:54 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:02:56 DB : phase1 found
10/04/14 00:02:56 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:02:56 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:02:56 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:56 ii : - data size 4
10/04/14 00:02:56 >> : hash payload
10/04/14 00:02:56 >> : notification payload
10/04/14 00:02:56 == : new informational hash ( 20 bytes )
10/04/14 00:02:56 == : new informational iv ( 8 bytes )
10/04/14 00:02:56 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:56 >= : message fb1f6ab6
10/04/14 00:02:56 >= : encrypt iv ( 8 bytes )
10/04/14 00:02:56 == : encrypt packet ( 84 bytes )
10/04/14 00:02:56 == : stored iv ( 8 bytes )
10/04/14 00:02:56 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:02:56 ii : DPD ARE-YOU-THERE sequence 31881860 requested
10/04/14 00:02:56 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:02:56 DB : phase1 found
10/04/14 00:02:56 ii : processing informational packet ( 92 bytes )
10/04/14 00:02:56 == : new informational iv ( 8 bytes )
10/04/14 00:02:56 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:56 =< : message 67dfd860
10/04/14 00:02:56 =< : decrypt iv ( 8 bytes )
10/04/14 00:02:56 == : decrypt packet ( 92 bytes )
10/04/14 00:02:56 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:02:56 <= : stored iv ( 8 bytes )
10/04/14 00:02:56 << : hash payload
10/04/14 00:02:56 << : notification payload
10/04/14 00:02:56 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:02:56 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:02:56 ii : informational hash verified
10/04/14 00:02:56 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:02:56 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:02:56 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:02:56 ii : - data size 4
10/04/14 00:02:56 ii : DPD ARE-YOU-THERE-ACK sequence 31881860 accepted
10/04/14 00:02:56 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:02:59 DB : phase1 found
10/04/14 00:02:59 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:04 DB : phase1 found
10/04/14 00:03:04 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:09 DB : phase1 found
10/04/14 00:03:09 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:11 DB : phase1 found
10/04/14 00:03:11 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:03:11 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:03:11 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:11 ii : - data size 4
10/04/14 00:03:11 >> : hash payload
10/04/14 00:03:11 >> : notification payload
10/04/14 00:03:11 == : new informational hash ( 20 bytes )
10/04/14 00:03:11 == : new informational iv ( 8 bytes )
10/04/14 00:03:11 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:11 >= : message 12c1ecd2
10/04/14 00:03:11 >= : encrypt iv ( 8 bytes )
10/04/14 00:03:11 == : encrypt packet ( 84 bytes )
10/04/14 00:03:11 == : stored iv ( 8 bytes )
10/04/14 00:03:11 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:03:11 ii : DPD ARE-YOU-THERE sequence 31881861 requested
10/04/14 00:03:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:03:12 DB : phase1 found
10/04/14 00:03:12 ii : processing informational packet ( 92 bytes )
10/04/14 00:03:12 == : new informational iv ( 8 bytes )
10/04/14 00:03:12 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:12 =< : message 04afbcf7
10/04/14 00:03:12 =< : decrypt iv ( 8 bytes )
10/04/14 00:03:12 == : decrypt packet ( 92 bytes )
10/04/14 00:03:12 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:03:12 <= : stored iv ( 8 bytes )
10/04/14 00:03:12 << : hash payload
10/04/14 00:03:12 << : notification payload
10/04/14 00:03:12 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:03:12 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:03:12 ii : informational hash verified
10/04/14 00:03:12 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:03:12 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:03:12 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:12 ii : - data size 4
10/04/14 00:03:12 ii : DPD ARE-YOU-THERE-ACK sequence 31881861 accepted
10/04/14 00:03:12 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:03:14 DB : phase1 found
10/04/14 00:03:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:19 DB : phase1 found
10/04/14 00:03:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:24 DB : phase1 found
10/04/14 00:03:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:27 DB : phase1 found
10/04/14 00:03:27 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:03:27 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:03:27 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:27 ii : - data size 4
10/04/14 00:03:27 >> : hash payload
10/04/14 00:03:27 >> : notification payload
10/04/14 00:03:27 == : new informational hash ( 20 bytes )
10/04/14 00:03:27 == : new informational iv ( 8 bytes )
10/04/14 00:03:27 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:27 >= : message 8191f406
10/04/14 00:03:27 >= : encrypt iv ( 8 bytes )
10/04/14 00:03:27 == : encrypt packet ( 84 bytes )
10/04/14 00:03:27 == : stored iv ( 8 bytes )
10/04/14 00:03:27 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:03:27 ii : DPD ARE-YOU-THERE sequence 31881862 requested
10/04/14 00:03:27 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:03:27 DB : phase1 found
10/04/14 00:03:27 ii : processing informational packet ( 92 bytes )
10/04/14 00:03:27 == : new informational iv ( 8 bytes )
10/04/14 00:03:27 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:27 =< : message 18e281c9
10/04/14 00:03:27 =< : decrypt iv ( 8 bytes )
10/04/14 00:03:27 == : decrypt packet ( 92 bytes )
10/04/14 00:03:27 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:03:27 <= : stored iv ( 8 bytes )
10/04/14 00:03:27 << : hash payload
10/04/14 00:03:27 << : notification payload
10/04/14 00:03:27 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:03:27 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:03:27 ii : informational hash verified
10/04/14 00:03:27 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:03:27 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:03:27 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:27 ii : - data size 4
10/04/14 00:03:27 ii : DPD ARE-YOU-THERE-ACK sequence 31881862 accepted
10/04/14 00:03:27 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:03:29 DB : phase1 found
10/04/14 00:03:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:34 DB : phase1 found
10/04/14 00:03:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:39 DB : phase1 found
10/04/14 00:03:39 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:42 DB : phase1 found
10/04/14 00:03:42 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:03:42 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:03:42 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:42 ii : - data size 4
10/04/14 00:03:42 >> : hash payload
10/04/14 00:03:42 >> : notification payload
10/04/14 00:03:42 == : new informational hash ( 20 bytes )
10/04/14 00:03:42 == : new informational iv ( 8 bytes )
10/04/14 00:03:42 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:42 >= : message ddc2ea69
10/04/14 00:03:42 >= : encrypt iv ( 8 bytes )
10/04/14 00:03:42 == : encrypt packet ( 84 bytes )
10/04/14 00:03:42 == : stored iv ( 8 bytes )
10/04/14 00:03:42 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:03:42 ii : DPD ARE-YOU-THERE sequence 31881863 requested
10/04/14 00:03:42 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:03:42 DB : phase1 found
10/04/14 00:03:42 ii : processing informational packet ( 92 bytes )
10/04/14 00:03:42 == : new informational iv ( 8 bytes )
10/04/14 00:03:42 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:42 =< : message aa7b3793
10/04/14 00:03:42 =< : decrypt iv ( 8 bytes )
10/04/14 00:03:42 == : decrypt packet ( 92 bytes )
10/04/14 00:03:42 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:03:42 <= : stored iv ( 8 bytes )
10/04/14 00:03:42 << : hash payload
10/04/14 00:03:42 << : notification payload
10/04/14 00:03:42 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:03:42 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:03:42 ii : informational hash verified
10/04/14 00:03:42 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:03:42 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:03:42 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:42 ii : - data size 4
10/04/14 00:03:42 ii : DPD ARE-YOU-THERE-ACK sequence 31881863 accepted
10/04/14 00:03:42 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:03:44 DB : phase1 found
10/04/14 00:03:44 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:49 DB : phase1 found
10/04/14 00:03:49 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:54 DB : phase1 found
10/04/14 00:03:54 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:03:57 DB : phase1 found
10/04/14 00:03:57 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:03:57 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:03:57 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:57 ii : - data size 4
10/04/14 00:03:57 >> : hash payload
10/04/14 00:03:57 >> : notification payload
10/04/14 00:03:57 == : new informational hash ( 20 bytes )
10/04/14 00:03:57 == : new informational iv ( 8 bytes )
10/04/14 00:03:57 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:57 >= : message 7167c697
10/04/14 00:03:57 >= : encrypt iv ( 8 bytes )
10/04/14 00:03:57 == : encrypt packet ( 84 bytes )
10/04/14 00:03:57 == : stored iv ( 8 bytes )
10/04/14 00:03:57 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:03:57 ii : DPD ARE-YOU-THERE sequence 31881864 requested
10/04/14 00:03:57 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:03:57 DB : phase1 found
10/04/14 00:03:57 ii : processing informational packet ( 92 bytes )
10/04/14 00:03:57 == : new informational iv ( 8 bytes )
10/04/14 00:03:57 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:57 =< : message b6e32dac
10/04/14 00:03:57 =< : decrypt iv ( 8 bytes )
10/04/14 00:03:57 == : decrypt packet ( 92 bytes )
10/04/14 00:03:57 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:03:57 <= : stored iv ( 8 bytes )
10/04/14 00:03:57 << : hash payload
10/04/14 00:03:57 << : notification payload
10/04/14 00:03:57 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:03:57 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:03:57 ii : informational hash verified
10/04/14 00:03:57 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:03:57 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:03:57 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:03:57 ii : - data size 4
10/04/14 00:03:57 ii : DPD ARE-YOU-THERE-ACK sequence 31881864 accepted
10/04/14 00:03:57 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:03:59 DB : phase1 found
10/04/14 00:03:59 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:04 DB : phase1 found
10/04/14 00:04:04 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:09 DB : phase1 found
10/04/14 00:04:09 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:12 DB : phase1 found
10/04/14 00:04:12 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:04:12 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:04:12 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:12 ii : - data size 4
10/04/14 00:04:12 >> : hash payload
10/04/14 00:04:12 >> : notification payload
10/04/14 00:04:12 == : new informational hash ( 20 bytes )
10/04/14 00:04:12 == : new informational iv ( 8 bytes )
10/04/14 00:04:12 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:12 >= : message 930b2a86
10/04/14 00:04:12 >= : encrypt iv ( 8 bytes )
10/04/14 00:04:12 == : encrypt packet ( 84 bytes )
10/04/14 00:04:12 == : stored iv ( 8 bytes )
10/04/14 00:04:12 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:04:12 ii : DPD ARE-YOU-THERE sequence 31881865 requested
10/04/14 00:04:12 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:04:12 DB : phase1 found
10/04/14 00:04:12 ii : processing informational packet ( 92 bytes )
10/04/14 00:04:12 == : new informational iv ( 8 bytes )
10/04/14 00:04:12 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:12 =< : message d999c47f
10/04/14 00:04:12 =< : decrypt iv ( 8 bytes )
10/04/14 00:04:12 == : decrypt packet ( 92 bytes )
10/04/14 00:04:12 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:04:12 <= : stored iv ( 8 bytes )
10/04/14 00:04:12 << : hash payload
10/04/14 00:04:12 << : notification payload
10/04/14 00:04:12 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:04:12 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:04:12 ii : informational hash verified
10/04/14 00:04:12 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:04:12 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:04:12 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:12 ii : - data size 4
10/04/14 00:04:12 ii : DPD ARE-YOU-THERE-ACK sequence 31881865 accepted
10/04/14 00:04:12 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:04:14 DB : phase1 found
10/04/14 00:04:14 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:19 DB : phase1 found
10/04/14 00:04:19 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:24 DB : phase1 found
10/04/14 00:04:24 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:27 DB : phase1 found
10/04/14 00:04:27 ii : sending peer DPDV1-R-U-THERE notification
10/04/14 00:04:27 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:04:27 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:27 ii : - data size 4
10/04/14 00:04:27 >> : hash payload
10/04/14 00:04:27 >> : notification payload
10/04/14 00:04:27 == : new informational hash ( 20 bytes )
10/04/14 00:04:27 == : new informational iv ( 8 bytes )
10/04/14 00:04:27 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:27 >= : message a5f5736a
10/04/14 00:04:27 >= : encrypt iv ( 8 bytes )
10/04/14 00:04:27 == : encrypt packet ( 84 bytes )
10/04/14 00:04:27 == : stored iv ( 8 bytes )
10/04/14 00:04:27 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:04:27 ii : DPD ARE-YOU-THERE sequence 31881866 requested
10/04/14 00:04:27 <- : recv NAT-T:IKE packet 200.200.200.200:4500 ->
10.1.1.100:4500 ( 92 bytes )
10/04/14 00:04:27 DB : phase1 found
10/04/14 00:04:27 ii : processing informational packet ( 92 bytes )
10/04/14 00:04:27 == : new informational iv ( 8 bytes )
10/04/14 00:04:27 =< : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:27 =< : message 0100080c
10/04/14 00:04:27 =< : decrypt iv ( 8 bytes )
10/04/14 00:04:27 == : decrypt packet ( 92 bytes )
10/04/14 00:04:27 <= : trimmed packet padding ( 8 bytes )
10/04/14 00:04:27 <= : stored iv ( 8 bytes )
10/04/14 00:04:27 << : hash payload
10/04/14 00:04:27 << : notification payload
10/04/14 00:04:27 == : informational hash_i ( computed ) ( 20 bytes )
10/04/14 00:04:27 == : informational hash_c ( received ) ( 20 bytes )
10/04/14 00:04:27 ii : informational hash verified
10/04/14 00:04:27 ii : received peer DPDV1-R-U-THERE-ACK notification
10/04/14 00:04:27 ii : - 200.200.200.200:4500 -> 10.1.1.100:4500
10/04/14 00:04:27 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:27 ii : - data size 4
10/04/14 00:04:27 ii : DPD ARE-YOU-THERE-ACK sequence 31881866 accepted
10/04/14 00:04:27 ii : next tunnel DPD request in 15 secs for peer
200.200.200.200:4500
10/04/14 00:04:29 DB : phase1 found
10/04/14 00:04:29 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:34 DB : phase1 found
10/04/14 00:04:34 -> : send NAT-T:KEEP-ALIVE packet 10.1.1.100:4500 ->
200.200.200.200:4500
10/04/14 00:04:35 ii : halt signal received, shutting down
10/04/14 00:04:35 DB : removing all peer tunnel refrences
10/04/14 00:04:35 DB : tunnel dpd event canceled ( ref count = 7 )
10/04/14 00:04:35 DB : tunnel natt event canceled ( ref count = 6 )
10/04/14 00:04:35 DB : tunnel stats event canceled ( ref count = 5 )
10/04/14 00:04:35 DB : removing tunnel config references
10/04/14 00:04:35 DB : config deleted ( obj count = 0 )
10/04/14 00:04:35 DB : removing tunnel phase2 references
10/04/14 00:04:35 DB : phase2 soft event canceled ( ref count = 2 )
10/04/14 00:04:35 DB : phase2 hard event canceled ( ref count = 1 )
10/04/14 00:04:35 DB : phase1 found
10/04/14 00:04:35 ii : sending peer DELETE message
10/04/14 00:04:35 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:04:35 ii : - ipsec-esp spi = 0xea704256
10/04/14 00:04:35 ii : - data size 0
10/04/14 00:04:35 >> : hash payload
10/04/14 00:04:35 >> : delete payload
10/04/14 00:04:35 == : new informational hash ( 20 bytes )
10/04/14 00:04:35 == : new informational iv ( 8 bytes )
10/04/14 00:04:35 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:35 >= : message 0a640370
10/04/14 00:04:35 >= : encrypt iv ( 8 bytes )
10/04/14 00:04:35 == : encrypt packet ( 68 bytes )
10/04/14 00:04:35 == : stored iv ( 8 bytes )
10/04/14 00:04:35 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 100 bytes )
10/04/14 00:04:35 K> : send pfkey DELETE ESP message
10/04/14 00:04:35 K> : send pfkey DELETE ESP message
10/04/14 00:04:35 ii : phase2 removal before expire time
10/04/14 00:04:35 DB : phase2 deleted ( obj count = 0 )
10/04/14 00:04:35 DB : removing tunnel phase1 references
10/04/14 00:04:35 DB : phase1 soft event canceled ( ref count = 3 )
10/04/14 00:04:35 DB : phase1 hard event canceled ( ref count = 2 )
10/04/14 00:04:35 DB : phase1 dead event canceled ( ref count = 1 )
10/04/14 00:04:35 ii : sending peer DELETE message
10/04/14 00:04:35 ii : - 10.1.1.100:4500 -> 200.200.200.200:4500
10/04/14 00:04:35 ii : - isakmp spi = c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:35 ii : - data size 0
10/04/14 00:04:35 >> : hash payload
10/04/14 00:04:35 >> : delete payload
10/04/14 00:04:35 == : new informational hash ( 20 bytes )
10/04/14 00:04:35 == : new informational iv ( 8 bytes )
10/04/14 00:04:35 >= : cookies c0610788fefff431:3ebd0f9601648f56
10/04/14 00:04:35 >= : message 9483907c
10/04/14 00:04:35 >= : encrypt iv ( 8 bytes )
10/04/14 00:04:35 == : encrypt packet ( 80 bytes )
10/04/14 00:04:35 == : stored iv ( 8 bytes )
10/04/14 00:04:35 -> : send NAT-T:IKE packet 10.1.1.100:4500 ->
200.200.200.200:4500 ( 116 bytes )
10/04/14 00:04:35 ii : phase1 removal before expire time
10/04/14 00:04:35 DB : phase1 deleted ( obj count = 0 )
10/04/14 00:04:35 K< : recv pfkey DELETE ESP message
10/04/14 00:04:35 DB : policy found
10/04/14 00:04:35 K< : recv pfkey DELETE ESP message
10/04/14 00:04:35 ii : removing IPSEC INBOUND policy ANY:172.16.0.0/12:*
-> ANY:172.16.19.9:*
10/04/14 00:04:35 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/04/14 00:04:35 DB : policy found
10/04/14 00:04:35 ii : removing IPSEC OUTBOUND policy ANY:172.16.19.9:*
-> ANY:172.16.0.0/12:*
10/04/14 00:04:35 K> : send pfkey X_SPDDELETE2 UNSPEC message
10/04/14 00:04:35 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/04/14 00:04:35 ii : removed IPSEC policy route for ANY:172.16.0.0/12:*
10/04/14 00:04:35 DB : policy found
10/04/14 00:04:35 DB : policy deleted ( obj count = 1 )
10/04/14 00:04:35 K< : recv pfkey X_SPDDELETE2 UNSPEC message
10/04/14 00:04:35 DB : policy found
10/04/14 00:04:35 DB : policy deleted ( obj count = 0 )
10/04/14 00:04:35 ii : disabled adapter ROOT\VNET\0000
10/04/14 00:04:35 DB : tunnel deleted ( obj count = 0 )
10/04/14 00:04:36 DB : peer deleted ( obj count = 0 )
10/04/14 00:04:36 ii : ipc client process thread exit ...
10/04/14 00:04:36 ii : pfkey process thread exit ...
10/04/14 00:04:36 ii : ipc server process thread exit ...
10/04/14 00:04:36 ii : network process thread exit ...



n:version:3
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:5
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-wins-used:1
n:client-wins-auto:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-splitdns-used:0
n:client-splitdns-auto:0
n:phase1-dhgroup:2
n:phase1-life-secs:28800
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
n:client-dns-suffix-auto:1
s:network-host:vp8.876543ku.com
s:client-auto-mode:push
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:force
s:auth-method:mutual-psk-xauth
s:ident-client-type:ufqdn
s:ident-server-type:any
s:ident-client-data:PC001 at yxzyxz
b:auth-mutual-psk:XjhxzjBEP_hF_Ux__EUxQjk=
s:phase1-exchange:aggressive
s:phase1-cipher:3des
s:phase1-hash:sha1
s:phase2-transform:esp-3des
s:phase2-hmac:sha1
s:ipcomp-transform:disabled
n:phase2-pfsgroup:2
s:policy-list-include:172.16.0.0 / 255.240.0.0









More information about the vpn-help mailing list