<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi guys,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>I'm trying to connect to Juniper NS5GT (Hardware Version: 1010, Firmware Version:6.2.0r2.0 Firewall+VPN) with Shrew VPN Client 2.1.7 (running on Win7 64bit) without success.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>I used http://www.shrew.net/support/wiki/HowtoJuniperSsg to configure both sides.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Messages in shrew client window are<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>config loaded for site '222.61.123.22'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>configuring client settings... <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>attached to key daemon ...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>peer configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>iskamp proposal configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>esp proposal configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>client configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>local id configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>remote id configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>pre-shared key configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>bringing up tunnel ...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>user authentication error<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>tunnel disabled<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>detached from key daemon ...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Error Messages on juniper are<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info IKE 62.143.130.124: XAuth login failed for gateway vpnclient_gateway, username thorsten, retry: 0, timeout: 1.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info Rejected an IKE packet on ethernet3 from 62.143.130.124:4500 to 222.61.123.22:4500 with cookies e11944da1f039872 and b6cc949745492852 because A Phase 2 packet arrived while XAuth was still pending.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info IKE 62.143.130.124 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info IKE 62.143.130.124 Phase 1: Completed for user client.jersa.de.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info IKE<62.143.130.124> Phase 1: IKE responder has detected NAT in front of the remote device.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info IKE<62.143.130.124> Phase 1: IKE responder has detected NAT in front of the local device.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info IKE 62.143.130.124 phase 1:The symmetric crypto key has been generated successfully.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>2011-02-27 15:27:29 info IKE 62.143.130.124 Phase 1: Responder starts AGGRESSIVE mode negotiations.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The pw for user thorsten is correct, I already tried to connect with a wrong pw and got a different error message.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Shrew Configuration is<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:version:2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:network-ike-port:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:network-mtu-size:1380<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-addr-auto:1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:network-natt-port:4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:network-natt-rate:15<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:network-frag-size:540<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:network-dpd-enable:1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-banner-enable:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:network-notify-enable:1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-wins-used:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-wins-auto:1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-dns-used:1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-dns-auto:1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-splitdns-used:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:client-splitdns-auto:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:phase1-dhgroup:2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:phase1-life-secs:86400<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:phase1-life-kbytes:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:vendor-chkpt-enable:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:phase2-life-secs:3600<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:phase2-life-kbytes:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:policy-nailed:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:policy-list-auto:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:phase2-keylen:0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:network-host:222.61.123.22<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:client-auto-mode:push<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:client-iface:direct<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:network-natt-mode:enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:network-frag-mode:enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:auth-method:mutual-psk-xauth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:ident-client-type:fqdn<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:ident-server-type:fqdn<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:ident-client-data:client.jersa.de<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:ident-server-data:vpngw.jersa.de<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>b:auth-mutual-psk:dGVzdDJURVNU<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:phase1-exchange:aggressive<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:phase1-cipher:auto<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:phase1-hash:auto<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:phase2-transform:auto<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:phase2-hmac:auto<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:ipcomp-transform:disabled<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>n:phase2-pfsgroup:-1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:policy-level:auto<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>s:policy-list-include:10.1.1.0 / 255.255.255.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Shrew Debug log is<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : ipc client process thread begin ...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : peer config add message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : peer added ( obj count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local address 10.0.0.100 selected for peer<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : tunnel added ( obj count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : proposal config message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : proposal config message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : client config message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : xauth username message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : xauth password message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : local id 'client.jersa.de' message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : remote id 'vpngw.jersa.de' message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : preshared key message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : remote resource message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 <A : peer tunnel enable message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : new phase1 ( ISAKMP initiator )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : exchange type is aggressive<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : 10.0.0.100:500 <-> 222.61.123.22:500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : e11944da1f039872:0000000000000000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : phase1 added ( obj count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : security association payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : - proposal #1 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #1 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #2 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #3 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #4 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #5 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #6 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #7 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #8 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #9 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #10 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #11 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #12 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #13 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #14 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #15 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #16 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #17 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : -- transform #18 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : key exchange payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : nonce payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : identification payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports XAUTH<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports nat-t ( draft v00 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports nat-t ( draft v01 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports nat-t ( draft v02 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports nat-t ( draft v03 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports nat-t ( rfc )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports FRAGMENTATION<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local supports DPDv1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local is SHREW SOFT compatible<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local is NETSCREEN compatible<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local is SIDEWINDER compatible<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >> : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 ii : local is CISCO UNITY compatible<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >= : cookies e11944da1f039872:0000000000000000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 >= : message 00000000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 -> : send IKE packet 10.0.0.100:500 -> 222.61.123.22:500 ( 1191 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:44 DB : phase1 resend event scheduled ( ref count = 2 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <- : recv IKE packet 222.61.123.22:500 -> 10.0.0.100:500 ( 446 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : processing phase1 packet ( 446 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : message 00000000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : security association payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : - propsal #1 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : -- transform #1 payload <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : unmatched isakmp proposal/transform<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : key length ( 128 != 256 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : unmatched isakmp proposal/transform<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : key length ( 128 != 256 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : unmatched isakmp proposal/transform<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : key length ( 128 != 192 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : unmatched isakmp proposal/transform<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : key length ( 128 != 192 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 !! : peer violates RFC, transform number mismatch ( 1 != 5 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : matched isakmp proposal #1 transform #1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - transform = ike<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - cipher type = aes<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - key length = 128 bits<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - hash type = md5<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - dh group = modp-1024<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - auth type = xauth-initiator-psk<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - life seconds = 86400<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - life kbytes = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : unknown vendor id ( 28 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 0x : 71957fc3 620a4219 70709668 132e871a 332378fc 0000000b 00000614<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : peer supports XAUTH<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : peer supports DPDv1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : peer supports HEARTBEAT-NOTIFY<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : key exchange payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : nonce payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : identification payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : phase1 id match <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : received = fqdn vpngw.jersa.de<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : vendor id payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : peer supports nat-t ( draft v02 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : nat discovery payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : nat discovery payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : nat discovery - local address is translated<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : switching to src nat-t udp port 4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : switching to dst nat-t udp port 4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : DH shared secret ( 128 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : SETKEYID ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : SETKEYID_d ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : SETKEYID_a ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : SETKEYID_e ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : cipher key ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : cipher iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : phase1 hash_i ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : nat discovery payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : nat discovery payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : message 00000000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : encrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : encrypt packet ( 88 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 resend event canceled ( ref count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 -> : send NAT-T:IKE packet 10.0.0.100:4500 -> 222.61.123.22:4500 ( 124 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : phase1 hash_r ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : phase1 hash_r ( received ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : phase1 sa established<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : 222.61.123.22:4500 <-> 10.0.0.100:4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : sending peer INITIAL-CONTACT notification<o:p></o:p></span></p><p class=MsoNormal>11/02/27 15:15:45 ii : - 10.0.0.100:4500 -> 222.61.123.22:4500<o:p></o:p></p><p class=MsoNormal>11/02/27 15:15:45 ii : - isakmp spi = e11944da1f039872:b6cc949745492852<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - data size 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : notification payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new informational hash ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new informational iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : message a0c38ba0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : encrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : encrypt packet ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 -> : send NAT-T:IKE packet 10.0.0.100:4500 -> 222.61.123.22:4500 ( 108 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase2 not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <- : recv NAT-T:IKE packet 222.61.123.22:4500 -> 10.0.0.100:4500 ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : processing config packet ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config added ( obj count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new config iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : message 55466abc<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : decrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : decrypt packet ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <= : trimmed packet padding ( 8 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <= : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : attribute payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : configure hash_i ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : configure hash_c ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : configure hash verified<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - xauth authentication type<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - xauth username<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - xauth password<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : received basic xauth request - <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - standard xauth username<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - standard xauth password<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : sending xauth response for thorsten<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : attribute payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new configure hash ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : message 55466abc<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : encrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : encrypt packet ( 84 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 -> : send NAT-T:IKE packet 10.0.0.100:4500 -> 222.61.123.22:4500 ( 124 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config resend event scheduled ( ref count = 2 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <- : recv NAT-T:IKE packet 222.61.123.22:4500 -> 10.0.0.100:4500 ( 92 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : processing config packet ( 92 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new config iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : message 577a08a9<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : decrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : decrypt packet ( 92 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <= : trimmed packet padding ( 12 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <= : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : attribute payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : configure hash_i ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : configure hash_c ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : configure hash verified<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : received config push request<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - IP4 Address<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - IP4 Netmask<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - IP4 DNS Server = 10.1.1.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : building config attribute list<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - IP4 DNS Server<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : sending config push acknowledge<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : attribute payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new configure hash ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : message 577a08a9<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : encrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : encrypt packet ( 60 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config resend event canceled ( ref count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 -> : send NAT-T:IKE packet 10.0.0.100:4500 -> 222.61.123.22:4500 ( 92 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config resend event scheduled ( ref count = 2 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <- : recv NAT-T:IKE packet 222.61.123.22:4500 -> 10.0.0.100:4500 ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : processing config packet ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new config iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : message 84591a7f<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 =< : decrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : decrypt packet ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <= : trimmed packet padding ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 <= : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 << : attribute payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : configure hash_i ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : configure hash_c ( computed ) ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : configure hash verified<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : received xauth result - <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 !! : user thorsten authentication failed<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 soft event canceled ( ref count = 3 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 hard event canceled ( ref count = 2 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 dead event canceled ( ref count = 1 )<o:p></o:p></span></p><p class=MsoNormal>11/02/27 15:15:45 ii : sending peer DELETE message<o:p></o:p></p><p class=MsoNormal>11/02/27 15:15:45 ii : - 10.0.0.100:4500 -> 222.61.123.22:4500<o:p></o:p></p><p class=MsoNormal>11/02/27 15:15:45 ii : - isakmp spi = e11944da1f039872:b6cc949745492852<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : - data size 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : hash payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >> : delete payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new informational hash ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : new informational iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : cookies e11944da1f039872:b6cc949745492852<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : message a29a73fe<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 >= : encrypt iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : encrypt packet ( 76 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 == : stored iv ( 16 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 -> : send NAT-T:IKE packet 10.0.0.100:4500 -> 222.61.123.22:4500 ( 108 bytes )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config resend event canceled ( ref count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : config deleted ( obj count = 0 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : phase1 removal before expire time<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : phase1 deleted ( obj count = 0 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : policy not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : policy not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : policy not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : policy not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : policy not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : policy not found<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : tunnel dpd event canceled ( ref count = 3 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : tunnel natt event canceled ( ref count = 2 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : tunnel stats event canceled ( ref count = 1 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : removing tunnel config references<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : removing tunnel phase2 references<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : removing tunnel phase1 references<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : tunnel deleted ( obj count = 0 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : removing all peer tunnel refrences<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 DB : peer deleted ( obj count = 0 )<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>11/02/27 15:15:45 ii : ipc client process thread exit ...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I think "user thorsten authentication failed" is the relevant message<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Juniper Debug log (debug ike detail) is<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 1191, action 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 1163 bytes from socket.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if <ethernet3> of vsys <Root> ******<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 1163 bytes. src port 500<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 1163, nxp 1[SA], exch 4[AG], flag 00 <o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv : [SA] [KE] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID] <o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : [VID] [VID] [VID] [VID] [VID] [VID] [VID] <o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : valid id checking, id type:FQDN, len:23.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > Validate (1135): SA/716 KE/132 NONCE/24 ID/23 VID/12 VID/20 VID/20 VID/20 VID/20 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Receive Id in AG mode, id-type=2, id=client.jersa.de, idlen = 15<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : locate peer entry for (2/client.jersa.de), by identity.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : Found identity<client.jersa.de> in group <1> user id <1>.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Found peer entry (vpnclient_gateway) from 62.143.130.124.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : responder create sa: 62.143.130.124->222.61.123.22<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : init p1sa, pidt = 0x0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : change peer identity for p1 sa, pidt = 0x0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > peer_identity_create_with_uid: uid<0><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > create peer identity 0x622a4c0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > peer_identity_add_to_peer: num entry before add <1><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > peer_identity_add_to_peer: num entry after add <2><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : peer identity 622a4c0 created.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > EDIPI disabled<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> getProfileFromP1Proposal-><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[0]=<00000005 00000002 00000001 00000002> for p1 proposal (id 5), xauth(1)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[1]=<00000005 00000001 00000001 00000002> for p1 proposal (id 4), xauth(1)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[2]=<00000007 00000002 00000001 00000002> for p1 proposal (id 7), xauth(1)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[3]=<00000007 00000001 00000001 00000002> for p1 proposal (id 6), xauth(1)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> responder create sa: 62.143.130.124->222.61.123.22<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1: Responder starts AGGRESSIVE mode negotiations.<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : IKE<62.143.130.124> AG in state OAK_AG_NOSTATE.<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 09 00 26 89 df d6 b7 12 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv XAUTH v6.0 vid<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv NAT-Traversal VID payload (draft-ietf-ipsec-nat-t-ike-00).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv NAT-Traversal VID payload (draft-ietf-ipsec-nat-t-ike-02).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 80 00 00 00 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> receive unknown vendor ID payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : f1 4b 94 b7 bf f1 fe f0 27 73 b8 c4 9f ed ed 26<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : 16 6f 93 2d 55 eb 64 d8 e4 df 4f d3 7e 23 13 f0<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : d0 fd 84 51 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> receive unknown vendor ID payload<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 84 04 ad f9 cd a0 57 60 b2 ca 29 2e 4b ff 53 7b<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [SA]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(256)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(2)<SHA>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(1)<MD5>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(2)<SHA>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(2)<SHA>, group(2), keylen(256)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(2)<SHA>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(1)<MD5>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(2)<SHA>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(192)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(2)<SHA>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(1)<MD5>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(2)<SHA>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(2)<SHA>, group(2), keylen(192)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(2)<SHA>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(1)<MD5>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(2)<SHA>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(2)<SHA>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(5)<3DES>, hash(1)<MD5>, group(2)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(2)<SHA>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1 proposal [3] selected.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> SA Life Type = seconds<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> SA lifetime (TLV) = 86400<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > dh group 2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> DH_BG_consume OK. p1 resp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [KE]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing ISA_KE in phase 1.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [NONCE]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing NONCE in phase 1.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [ID]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID received: type=ID_FQDN, FQDN = client.jersa.de, port=0, protocol=0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> process_id need to update peer entry, cur <vpnclient_gateway>.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : locate peer entry for (2/client.jersa.de), by identity.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : Found identity<client.jersa.de> in group <1> user id <1>.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Dynamic peer IP addr, search peer by identity.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> peer gateway entry has no peer id configured<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID processed. return 0. sa->p1_state = 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1 AG Responder constructing 2nd message.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #1)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [SA] for ISAKMP<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1)<PRESHRD>, encr(7)<AES>, hash(1)<MD5>, group(2), keylen(128)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: disabled<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> lifetime/lifesize (86400/0)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct NetScreen [VID]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct custom [VID]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct custom [VID]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct custom [VID]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [KE] for ISAKMP<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [NONCE]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> gen_skeyid()<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> gen_skeyid: returning 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [ID] for ISAKMP<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Use vpngw.jersa.de as IKE p1 ID.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Use vpngw.jersa.de as IKE p1 ID.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID, len=18, type=2, pro=17, port=500,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct NAT-T [VID]: draft 2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder psk ag mode: natt vid constructed.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> responder (psk) constructing remote NAT-D<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [NATD]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> responder (psk) constructing local NAT-D<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [NATD]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit : [SA] [VID] [VID] [VID] [VID] [KE] [NONCE] [ID] [HASH] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : [VID] [NATD] [NATD] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 1 packet (len=446)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<5/91180f><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 124, action 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 108, action 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 96 bytes from socket.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if <ethernet3> of vsys <Root> ******<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 96 bytes. src port 4500<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 92, nxp 8[HASH], exch 4[AG], flag 01 E <o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 64)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [NATD] [NATD] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > extract payload (64): <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> AG in state OAK_AG_INIT_EXCH.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [NATD]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [NATD]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [HASH]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID, len=19, type=2, pro=0, port=0,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> completing Phase 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> sa_pidt = 622a4c0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> adjusting phase 1 hash<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> found existing peer identity 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1: Completed for ip <62.143.130.124>, user<client.jersa.de><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1: Completed Aggressive mode negotiation with a <28800>-second lifetime.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth is started: server, p1responder, aggr mode.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> start_xauth()<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> start_xauth(): as:0 ac:-1 enable:1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: accounting server id 0 (use auth server as acct server).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: xauthstatus 20.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16520, val 0 added, len 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16521, val empty string, type <16521> added, len 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16522, val empty string, type <16522> added, len 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new 22199719)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #8)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 20, type 1, identifier 61307.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > basic attr type 16520, valint 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16521, vallen 0, valstr empty string, type <16521><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16522, vallen 0, valstr empty string, type <16522><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> construct QM HASH<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit*: [HASH] [IKECFG] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Encrypt P2 payload (len 68)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 2 packet (len=76)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg packet sent. msgid 22199719, len: 68, peer<62.143.130.124><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth status updated by state machine: 20<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 80 bytes from socket.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if <ethernet3> of vsys <Root> ******<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 80 bytes. src port 4500<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 76, nxp 8[HASH], exch 5[INFO], flag 01 E <o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new b90d3f73)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 48)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [NOTIF] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Need to pass XAUTH first. Silently Discard packet.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Delete conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...found conn entry(b90d3f73)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 124, action 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 96 bytes from socket.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if <ethernet3> of vsys <Root> ******<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 96 bytes. src port 4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 92, nxp 8[HASH], exch 6[XACT_EXCH], flag 01 E <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 64)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [IKECFG] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [IKECFG]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing IKECFG payload. msgid 22199719, msgtype 2, payload ID 61307<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 36, type 2, identifier 61307.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > basic attr type 16520, valint 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16521, vallen 8, valstr thorste <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16522, vallen 8, valstr thorste <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16520, val 0 added, len 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16521, val thorste added, len 8.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16522, val thorste added, len 8.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server got type: 16520 v<0><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server got var type: 16521<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server got var type: 16522<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server entering state machine: 20<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: accounting server id 0 (use auth server as acct server).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: xauthstatus 20.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_auth_pap: authing locally: uname thorsten, passwd *** SUCCESS<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Get config for client(local auth)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_assign_client_cfg(): Sa->ip_addr = 0x0 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> getting xauth local user <thorsten> remote setting<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> getting xauth local user IP from pool <vpnclient><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Don't do xauth RADIUS accounting. Send cfg to client directly.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_send_client_cfg: ip 10.1.2.1, v4mask 255.255.255.255 dns1 10.1.1.1, dns2 0.0.0.0, win1 0.0.0.0, win2 0.0.0.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_send_client_cfg v6: id ::, prefix ::/0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_send_client_cfg v6: dns1 ::, dns2 ::, win1 ::, win2 ::<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 1, val 10.1.2.1 added, len 4.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 2, val 255.255.255.255 added, len 4.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 3, val 10.1.1.1 added, len 4.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new 85594f12)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #8)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 32, type 3, identifier 61307.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 1, vallen 4, valstr 10.1.2.1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 2, vallen 4, valstr 255.255.255.255 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 3, vallen 4, valstr 10.1.1.1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> construct QM HASH<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit*: [HASH] [IKECFG] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Encrypt P2 payload (len 80)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 2 packet (len=92)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg packet sent. msgid 85594f12, len: 80, peer<62.143.130.124><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth status updated by state machine: 90<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 92, action 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 64 bytes from socket.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if <ethernet3> of vsys <Root> ******<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 64 bytes. src port 4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 60, nxp 8[HASH], exch 6[XACT_EXCH], flag 01 E <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 32)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [IKECFG] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [IKECFG]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing IKECFG payload. msgid 85594f12, msgtype 4, payload ID 61307<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 12, type 4, identifier 61307.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 3, vallen 0, valstr 64.137.0.8 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 3, val 0.0.0.0 added, len 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server entering state machine: 90<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: accounting server id 0 (use auth server as acct server).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: xauthstatus 90.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth status updated by state machine: -1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16527, val 0 added, len 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new e5ce2681)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #8)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 12, type 3, identifier 61307.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > basic attr type 16527, valint 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> construct QM HASH<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit*: [HASH] [IKECFG] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Encrypt P2 payload (len 60)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 4500<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 2 packet (len=76)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg packet sent. msgid e5ce2681, len: 60, peer<62.143.130.124><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_failed()<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth login FAILED. gw <vpnclient_gateway>, username <thorsten>, retry: 0, timeout: 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_cleanup()<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE Xauth: release prefix route, ret=<-2>.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> XAUTH-failed: clear p2sa for p1sa(0x22b2268).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 108, action 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 80 bytes from socket.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if <ethernet3> of vsys <Root> ******<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 80 bytes. src port 4500<o:p></o:p></span></p><p class=MsoNormal>## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 76, nxp 8[HASH], exch 5[INFO], flag 01 E <o:p></o:p></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new 96990a95)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 48)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [DELETE] <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [DELETE]:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> DELETE payload received, deleting Phase-1 SA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> Delete conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...found conn entry(96990a95)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:07 : IKE<0.0.0.0 > dh group 2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : reap_db. deleting p1sa 22b2268<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : terminate_SA: trying to delete SA cause: 0 cond: 2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> Delete conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> ...found conn entry(e5ce2681)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> Delete conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> ...found conn entry(85594f12)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> Delete conn entry...<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> ...found conn entry(22199719)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> xauth_cleanup()<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<62.143.130.124> Done cleaning up IKE Phase 1 SA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : peer_identity_unregister_p1_sa.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<0.0.0.0 > delete peer identity 0x622a4c0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : IKE<0.0.0.0 > peer_identity_remove_from_peer: num entry before remove <2><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>## 2011-02-27 15:34:08 : peer_idt.c peer_identity_unregister_p1_sa 682: pidt deleted.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I think “xauth login FAILED. gw <vpnclient_gateway>, username <thorsten>, retry: 0, timeout: 1” is the relevant message.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Timestamps don't match because I took the debugs at different points of time.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Configuration of juniper is<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset key protection enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set clock ntp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set clock timezone 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter trust-vr sharable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "untrust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset auto-route-export<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "Videoserver TCP 9999" protocol tcp src-port 0-65535 dst-port 9999-9999 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "pcanywhere" protocol tcp src-port 0-65535 dst-port 5631-5631 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "pcanywhere" + udp src-port 0-65535 dst-port 5632-5632 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "POP3s" protocol tcp src-port 0-65535 dst-port 995-995 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "SMTPs" protocol tcp src-port 0-65535 dst-port 465-465 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set alg appleichat enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset alg appleichat re-assembly enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset alg p2p enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set alg sctp enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set auth-server "Local" id 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set auth-server "Local" server-name "Local"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set auth default auth server "Local"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set auth radius accounting port 1646<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Trust" vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust" vrouter "untrust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "DMZ" vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "VLAN" vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone id 100 "vpn"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust-Tun" vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Trust" tcp-rst <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust" block <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset zone "Untrust" tcp-rst <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "MGT" block <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "DMZ" tcp-rst <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset zone "V1-Trust" tcp-rst <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset zone "V1-Untrust" tcp-rst <o:p></o:p></span></p><p class=MsoNormal>unset zone "VLAN" tcp-rst <o:p></o:p></p><p class=MsoNormal>unset zone "vpn" tcp-rst <o:p></o:p></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust" screen tear-drop<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust" screen syn-flood<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust" screen ping-death<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust" screen ip-filter-src<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "Untrust" screen land<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "V1-Untrust" screen tear-drop<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "V1-Untrust" screen syn-flood<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "V1-Untrust" screen ping-death<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "V1-Untrust" screen ip-filter-src<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set zone "V1-Untrust" screen land<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface "ethernet1" zone "Trust"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface "ethernet2" zone "DMZ"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface "ethernet3" zone "Untrust"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet1 ip 10.1.1.1/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet1 nat<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet2 ip 10.99.99.1/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet2 nat<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet3 ip 222.61.123.22/30<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet3 route<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface vlan1 ip<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet1 proxy dns<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface vlan1 bypass-others-ipsec<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface vlan1 bypass-non-ip<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet1 ip manageable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface ethernet2 ip manageable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet3 ip manageable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface ethernet1 manage telnet<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface ethernet1 manage snmp<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet3 manage ssh<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet3 manage ssl<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set interface ethernet3 vip interface-ip 9999 "HTTP" 10.99.99.99<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface ethernet1 dhcp server config next-server-ip<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset interface ethernet1 dhcp server config updatable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set flow tcp-mss<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset flow no-tcp-seq-check<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set flow tcp-syn-check<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset flow tcp-syn-bit-check<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set flow reverse-route clear-text prefer<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set flow reverse-route tunnel always<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set console page 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set hostname nsjs<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set dbuf usb filesize 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set pki authority default scep mode "auto"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set pki x509 default cert-path partial<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set dns host dns3 0.0.0.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set dns host name ns-5gt-205 10.1.1.1 <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set dns proxy<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set dns proxy enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set dns server-select domain * outgoing-interface ethernet3 primary-server 212.202.215.1 secondary-server 212.202.215.2 tertiary-server 194.8.194.60<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set address "Trust" "10.1.1.0/24" 10.1.1.0 255.255.255.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set address "DMZ" "10.255.255.0/24" 10.255.255.0 255.255.255.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set address "DMZ" "10.99.99.0/24" 10.99.99.0 255.255.255.0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ippool "vpnclient" 10.1.2.1 10.1.2.10<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "thorsten" uid 2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "thorsten" type xauth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "thorsten" remote ippool "vpnclient"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "thorsten" password "***"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset user "thorsten" type auth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "thorsten" "enable"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "vpnclient_ph1id" uid 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "vpnclient_ph1id" ike-id fqdn "client.jersa.de" share-limit 2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "vpnclient_ph1id" type ike<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user "vpnclient_ph1id" "enable"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user-group "vpnclient_group" id 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set user-group "vpnclient_group" user "vpnclient_ph1id"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set crypto-policy<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ike gateway "vpnclient_gateway" dialup "vpnclient_group" Aggr local-id "vpngw.jersa.de" outgoing-interface "ethernet3" preshare "***" proposal "pre-g2-3des-sha" "pre-g2-3des-md5" "pre-g2-aes128-sha" "pre-g2-aes128-md5"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ike gateway "vpnclient_gateway" dpd-liveness interval 30<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ike gateway "vpnclient_gateway" nat-traversal udp-checksum<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ike gateway "vpnclient_gateway" nat-traversal keepalive-frequency 20<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ike gateway "vpnclient_gateway" xauth server "Local"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ike gateway "vpnclient_gateway" xauth do-edipi-auth<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ike respond-bad-spi 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ike ikev2 ike-sa-soft-lifetime 60<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ike ikeid-enumeration<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ike dos-protection<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ipsec access-session enable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ipsec access-session maximum 5000<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ipsec access-session upper-threshold 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ipsec access-session lower-threshold 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ipsec access-session dead-p2-sa-timeout 0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ipsec access-session log-error<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ipsec access-session info-exch-connected<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset ipsec access-session use-error-log<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set xauth default ippool "vpnclient"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set xauth default dns1 10.1.1.1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vpn "vpnclient_tunnel" gateway "vpnclient_gateway" replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" "nopfs-esp-3des-md5" "nopfs-esp-aes128-sha" "nopfs-esp-aes128-md5" <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vpn "vpnclient_tunnel" monitor<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "untrust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set url protocol websense<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 11 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 11 disable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 11<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 1 from "Trust" to "Untrust" "10.1.1.0/24" "Any" "DNS" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "FTP"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "HTTP"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "HTTPS"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "NTP"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "pcanywhere"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "PING"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "POP3"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "POP3s"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "SMTP"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "SMTPs"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "TRACEROUTE"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "Videoserver TCP 9999"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 4 from "Trust" to "Untrust" "Any" "Any" "UDP-ANY" deny log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 4<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 12 from "Untrust" to "DMZ" "Any" "Any" "ANY" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 12 disable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 12<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 2 from "Untrust" to "DMZ" "Any" "VIP(ethernet3)" "HTTP" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "HTTPS"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "Videoserver TCP 9999"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 3 from "Trust" to "Untrust" "Any" "Any" "ANY" deny log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 5 from "Untrust" to "DMZ" "Any" "Any" "ANY" deny log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 5<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 6 from "Trust" to "DMZ" "10.1.1.0/24" "10.99.99.0/24" "HTTP" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 6<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "HTTPS"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set service "PING"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 7 from "Trust" to "DMZ" "Any" "Any" "ANY" deny log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 7<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 16 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 16 disable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 16<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 15 name "vpnclient_inbound" from "Untrust" to "Trust" "Dial-Up VPN" "10.1.1.0/24" "ANY" tunnel vpn "vpnclient_tunnel" id 0x2 log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 15<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 8 from "Untrust" to "Trust" "Any" "Any" "ANY" deny log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 8<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 13 from "DMZ" to "Trust" "Any" "Any" "ANY" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 13 disable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 13<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 9 from "DMZ" to "Trust" "Any" "Any" "ANY" deny log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 9<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 14 from "DMZ" to "Untrust" "Any" "Any" "ANY" permit log <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 14 disable<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 14<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set policy id 10 from "DMZ" to "Untrust" "Any" "Any" "ANY" deny log <o:p></o:p></span></p><p class=MsoNormal>set policy id 10<o:p></o:p></p><p class=MsoNormal>exit<o:p></o:p></p><p class=MsoNormal>set log cli enable<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>set nsmgmt bulkcli reboot-timeout 60<o:p></o:p></span></p><p class=MsoNormal>set ssh version v2<o:p></o:p></p><p class=MsoNormal>set ssh enable<o:p></o:p></p><p class=MsoNormal>set config lock timeout 5<o:p></o:p></p><p class=MsoNormal>unset license-key auto-update<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>set ssl port 23143<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ntp server "192.53.103.103"<o:p></o:p></span></p><p class=MsoNormal>set ntp server backup1 "192.53.103.104"<o:p></o:p></p><p class=MsoNormal><span lang=EN-US>set ntp server backup2 "192.53.103.108"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set ntp interval 1440<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set modem speed 115200<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set modem retry 3<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set modem interval 10<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set modem idle-time 10<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set snmp port listen 161<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set snmp port trap 162<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "untrust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set route 0.0.0.0/0 interface ethernet3 gateway *** permanent<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set route 10.1.1.0/24 vrouter "trust-vr" preference 20 metric 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set route 10.99.99.0/24 vrouter "trust-vr" preference 20 metric 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>unset add-default-route<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set route 0.0.0.0/0 vrouter "untrust-vr" preference 20 metric 1<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "untrust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>set vrouter "trust-vr"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>exit<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>===<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Does anybody have an idea what's going wrong?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Many thanks in advance<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Thorsten<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p></div></body></html>