debug_ipsec - Cisco Support Community

*Jun 24 19:09:35.962: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.962: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch *Jun 24 19:09:35.962: ISAKMP (0): vendor ID is NAT-T RFC 3947 *Jun 24 19:09:35.962: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.962: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch *Jun 24 19:09:35.962: ISAKMP:(0): vendor ID is NAT-T v2 *Jun 24 19:09:35.962: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.962: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch *Jun 24 19:09:35.962: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.962: ISAKMP:(0): vendor ID seems Unity/DPD but major 241 mismatch *Jun 24 19:09:35.962: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.962: ISAKMP:(0): vendor ID seems Unity/DPD but major 184 mismatch *Jun 24 19:09:35.962: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.962: ISAKMP:(0): vendor ID seems Unity/DPD but major 134 mismatch *Jun 24 19:09:35.962: ISAKMP:(0):found peer pre-shared key matching 96.31.182.52 *Jun 24 19:09:35.962: ISAKMP:(0): local preshared key found *Jun 24 19:09:35.962: ISAKMP : Scanning profiles for xauth ... *Jun 24 19:09:35.962: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy *Jun 24 19:09:35.962: ISAKMP: encryption AES-CBC *Jun 24 19:09:35.962: ISAKMP: keylength of 256 *Jun 24 19:09:35.962: ISAKMP: hash SHA *Jun 24 19:09:35.962: ISAKMP: default group 20 *Jun 24 19:09:35.962: ISAKMP: auth pre-share *Jun 24 19:09:35.962: ISAKMP: life type in seconds *Jun 24 19:09:35.962: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Jun 24 19:09:35.962: ISAKMP:(0):Encryption algorithm offered does not match policy! *Jun 24 19:09:35.962: ISAKMP:(0):atts are not acceptable. Next payload is 3 *Jun 24 19:09:35.962: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy *Jun 24 19:09:35.962: ISAKMP: encryption AES-CBC *Jun 24 19:09:35.962: ISAKMP: keylength of 128 *Jun 24 19:09:35.962: ISAKMP: hash SHA *Jun 24 19:09:35.962: ISAKMP: default group 19 *Jun 24 19:09:35.962: ISAKMP: auth pre-share *Jun 24 19:09:35.962: ISAKMP: life type in seconds *Jun 24 19:09:35.962: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Jun 24 19:09:35.962: ISAKMP:(0):Encryption algorithm offered does not match policy! *Jun 24 19:09:35.962: ISAKMP:(0):atts are not acceptable. Next payload is 3 *Jun 24 19:09:35.962: ISAKMP:(0):Checking ISAKMP transform 3 against priority 1 policy *Jun 24 19:09:35.962: ISAKMP: encryption AES-CBC *Jun 24 19:09:35.962: ISAKMP: keylength of 256 *Jun 24 19:09:35.962: ISAKMP: hash SHA *Jun 24 19:09:35.962: ISAKMP: default group 14 *Jun 24 19:09:35.962: ISAKMP: auth pre-share *Jun 24 19:09:35.962: ISAKMP: life type in seconds *Jun 24 19:09:35.962: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Jun 24 19:09:35.962: ISAKMP:(0):Encryption algorithm offered does not match policy! *Jun 24 19:09:35.962: ISAKMP:(0):atts are not acceptable. Next payload is 3 *Jun 24 19:09:35.962: ISAKMP:(0):Checking ISAKMP transform 4 against priority 1 policy *Jun 24 19:09:35.962: ISAKMP: encryption 3DES-CBC *Jun 24 19:09:35.962: ISAKMP: hash SHA *Jun 24 19:09:35.962: ISAKMP: default group 14 *Jun 24 19:09:35.962: ISAKMP: auth pre-share *Jun 24 19:09:35.962: ISAKMP: life type in seconds *Jun 24 19:09:35.962: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Jun 24 19:09:35.962: ISAKMP:(0):Diffie-Hellman group offered does not match policy! *Jun 24 19:09:35.962: ISAKMP:(0):atts are not acceptable. Next payload is 3 *Jun 24 19:09:35.962: ISAKMP:(0):Checking ISAKMP transform 5 against priority 1 policy *Jun 24 19:09:35.962: ISAKMP: encryption 3DES-CBC *Jun 24 19:09:35.962: ISAKMP: hash SHA *Jun 24 19:09:35.962: ISAKMP: default group 2 *Jun 24 19:09:35.962: ISAKMP: auth pre-share *Jun 24 19:09:35.962: ISAKMP: life type in seconds *Jun 24 19:09:35.962: ISAKMP: life duration (VPI) of 0x0 0x0 0x70 0x80 *Jun 24 19:09:35.962: ISAKMP:(0):atts are acceptable. Next payload is 0 *Jun 24 19:09:35.962: ISAKMP:(0):Acceptable atts:actual life: 86400 *Jun 24 19:09:35.962: ISAKMP:(0):Acceptable atts:life: 0 *Jun 24 19:09:35.962: ISAKMP:(0):Fill atts in sa vpi_length:4 *Jun 24 19:09:35.962: ISAKMP:(0):Fill atts in sa life_in_seconds:28800 *Jun 24 19:09:35.962: ISAKMP:(0):Returning Actual lifetime: 28800 *Jun 24 19:09:35.962: ISAKMP:(0)::Started lifetime timer: 28800. *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): processing IKE frag vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0):Support for IKE Fragmentation not enabled *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): processing IKE frag vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0):Support for IKE Fragmentation not enabled *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch *Jun 24 19:09:35.982: ISAKMP (0): vendor ID is NAT-T RFC 3947 *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch *Jun 24 19:09:35.982: ISAKMP:(0): vendor ID is NAT-T v2 *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): vendor ID seems Unity/DPD but major 241 mismatch *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): vendor ID seems Unity/DPD but major 184 mismatch *Jun 24 19:09:35.982: ISAKMP:(0): processing vendor id payload *Jun 24 19:09:35.982: ISAKMP:(0): vendor ID seems Unity/DPD but major 134 mismatch *Jun 24 19:09:35.982: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Jun 24 19:09:35.982: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1 *Jun 24 19:09:35.982: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID *Jun 24 19:09:35.982: ISAKMP:(0): sending packet to 96.31.182.52 my_port 500 peer_port 500 (R) MM_SA_SETUP *Jun 24 19:09:35.982: ISAKMP:(0):Sending an IKE IPv4 Packet. *Jun 24 19:09:35.982: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Jun 24 19:09:35.982: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM2 *Jun 24 19:09:35.986: ISAKMP (0): received packet from 96.31.182.52 dport 500 sport 500 Global (R) MM_SA_SETUP *Jun 24 19:09:35.986: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Jun 24 19:09:35.986: ISAKMP:(0):Old State = IKE_R_MM2 New State = IKE_R_MM3 *Jun 24 19:09:35.986: ISAKMP:(0): processing KE payload. message ID = 0 *Jun 24 19:09:36.010: ISAKMP:(0): processing NONCE payload. message ID = 0 *Jun 24 19:09:36.010: ISAKMP:(0):found peer pre-shared key matching 96.31.182.52 *Jun 24 19:09:36.010: ISAKMP:received payload type 20 *Jun 24 19:09:36.010: ISAKMP (1022): His hash no match - this node outside NAT *Jun 24 19:09:36.010: ISAKMP:received payload type 20 *Jun 24 19:09:36.010: ISAKMP (1022): His hash no match - this node outside NAT *Jun 24 19:09:36.010: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Jun 24 19:09:36.010: ISAKMP:(1022):Old State = IKE_R_MM3 New State = IKE_R_MM3 *Jun 24 19:09:36.010: ISAKMP:(1022): sending packet to 96.31.182.52 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Jun 24 19:09:36.010: ISAKMP:(1022):Sending an IKE IPv4 Packet. *Jun 24 19:09:36.010: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Jun 24 19:09:36.010: ISAKMP:(1022):Old State = IKE_R_MM3 New State = IKE_R_MM4 *Jun 24 19:09:36.014: ISAKMP (1022): received packet from 96.31.182.52 dport 4500 sport 4500 Global (R) MM_KEY_EXCH *Jun 24 19:09:36.014: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Jun 24 19:09:36.014: ISAKMP:(1022):Old State = IKE_R_MM4 New State = IKE_R_MM5 *Jun 24 19:09:36.014: ISAKMP:(1022): processing ID payload. message ID = 0 *Jun 24 19:09:36.014: ISAKMP (1022): ID payload next-payload : 8 type :1 address : 192.168.1.3 protocol :0 port length :0 : 12 *Jun 24 19:09:36.014: ISAKMP:(0):: peer matches *none* of the profiles *Jun 24 19:09:36.014: ISAKMP:(1022): processing HASH payload. message ID = 0 *Jun 24 19:09:36.014: ISAKMP:(1022):SA authentication status: authenticated *Jun 24 19:09:36.014: ISAKMP:(1022):SA has been authenticated with 96.31.182.52 *Jun 24 19:09:36.014: ISAKMP:(1022):Detected port floating to port = 4500 *Jun 24 19:09:36.014: ISAKMP: Trying to insert a peer 96.31.182.55/96.31.182.52/4500/, and inserted successfully 3F8D6668. *Jun 24 19:09:36.014: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Jun 24 19:09:36.014: ISAKMP:(1022):Old State = IKE_R_MM5 New State = IKE_R_MM5 *Jun 24 19:09:36.014: ISAKMP:(1022):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Jun 24 19:09:36.014: ISAKMP (1022): ID payload next-payload : 8 type :1 address : 96.31.182.55 protocol : 17 port :0 length : 12 *Jun 24 19:09:36.014: ISAKMP:(1022):Total payload length: 12 *Jun 24 19:09:36.014: ISAKMP:(1022): sending packet to 96.31.182.52 my_port 4500 peer_port 4500 (R) MM_KEY_EXCH *Jun 24 19:09:36.014: ISAKMP:(1022):Sending an IKE IPv4 Packet. *Jun 24 19:09:36.014: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Jun 24 19:09:36.014: ISAKMP:(1022):Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Jun 24 19:09:36.014: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Jun 24 19:09:36.014: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Jun 24 19:09:36.018: ISAKMP (1022): received packet from 96.31.182.52 dport 4500 sport 4500 Global (R) QM_IDLE *Jun 24 19:09:36.018: ISAKMP: set new node 1 to QM_IDLE *Jun 24 19:09:36.018: ISAKMP:(1022): processing HASH payload. message ID = 1 *Jun 24 19:09:36.018: ISAKMP:(1022): processing SA payload. message ID = 1 *Jun 24 19:09:36.018: ISAKMP (1022): processing NAT-OAi payload. addr = 192.168.1.3, message ID = 1 *Jun 24 19:09:36.018: ISAKMP (1022): processing NAT-OAr payload. addr = 96.31.182.55, message ID = 1 *Jun 24 19:09:36.018: ISAKMP:(1022):Checking IPSec proposal 1 *Jun 24 19:09:36.018: ISAKMP: transform 1, ESP_AES *Jun 24 19:09:36.018: ISAKMP: attributes in transform: *Jun 24 19:09:36.018: ISAKMP: encaps is 4 (Transport-UDP) *Jun 24 19:09:36.018: ISAKMP: key length is 128 *Jun 24 19:09:36.018: ISAKMP: authenticator is HMAC-SHA *Jun 24 19:09:36.018: ISAKMP: SA life type in seconds *Jun 24 19:09:36.018: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10 *Jun 24 19:09:36.018: ISAKMP: SA life type in kilobytes *Jun 24 19:09:36.018: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90 *Jun 24 19:09:36.018: ISAKMP:(1022):atts are acceptable. *Jun 24 19:09:36.018: ISAKMP:(1022): IPSec policy invalidated proposal with error 256 *Jun 24 19:09:36.022: ISAKMP:(1022):Checking IPSec proposal 2 *Jun 24 19:09:36.022: ISAKMP: transform 1, ESP_3DES *Jun 24 19:09:36.022: ISAKMP: attributes in transform: *Jun 24 19:09:36.022: ISAKMP: encaps is 4 (Transport-UDP) *Jun 24 19:09:36.022: ISAKMP: authenticator is HMAC-SHA *Jun 24 19:09:36.022: ISAKMP: SA life type in seconds *Jun 24 19:09:36.022: ISAKMP: SA life duration (VPI) of 0x0 0x0 0xE 0x10 *Jun 24 19:09:36.022: ISAKMP: SA life type in kilobytes *Jun 24 19:09:36.022: ISAKMP: SA life duration (VPI) of 0x0 0x3 0xD0 0x90 *Jun 24 19:09:36.022: ISAKMP:(1022):atts are acceptable. *Jun 24 19:09:36.022: ISAKMP:(1022): processing NONCE payload. message ID = 1 *Jun 24 19:09:36.022: ISAKMP:(1022): processing ID payload. message ID = 1 *Jun 24 19:09:36.022: ISAKMP:(1022): processing ID payload. message ID = 1 *Jun 24 19:09:36.022: ISAKMP:received payload type 21 *Jun 24 19:09:36.022: ISAKMP:received payload type 21 *Jun 24 19:09:36.022: ISAKMP:(1022):QM Responder gets spi *Jun 24 19:09:36.022: ISAKMP:(1022):Node 1, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Jun 24 19:09:36.022: ISAKMP:(1022):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE *Jun 24 19:09:36.022: ISAKMP:(1022):Node 1, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI *Jun 24 19:09:36.022: ISAKMP:(1022):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT *Jun 24 19:09:36.022: ISAKMP: Failed to find peer index node to update peer_info_list *Jun 24 19:09:36.022: ISAKMP:(1022):Received IPSec Install callback... proceeding with the negotiation *Jun 24 19:09:36.022: ISAKMP:(1022):Successfully installed IPSEC SA (SPI:0x9FE9055) on GigabitEthernet0/2 *Jun 24 19:09:36.022: ISAKMP:(1022): sending packet to 96.31.182.52 my_port 4500 peer_port 4500 (R) QM_IDLE *Jun 24 19:09:36.022: ISAKMP:(1022):Sending an IKE IPv4 Packet. *Jun 24 19:09:36.022: ISAKMP:(1022):Node 1, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE *Jun 24 19:09:36.022: ISAKMP:(1022):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2 *Jun 24 19:09:36.026: ISAKMP (1022): received packet from 96.31.182.52 dport 4500 sport 4500 Global (R) QM_IDLE *Jun 24 19:09:36.026: ISAKMP:(1022):deleting node 1 error FALSE reason "QM done (await)" *Jun 24 19:09:36.026: ISAKMP:(1022):Node 1, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Jun 24 19:09:36.026: ISAKMP:(1022):Old State = IKE_QM_R_QM2 New State = IKE_QM_PHASE2_COMPLETE *Jun 24 19:10:10.090: ISAKMP (1022): received packet from 96.31.182.52 dport 4500 sport 4500 Global (R) QM_IDLE *Jun 24 19:10:10.090: ISAKMP: set new node 963339295 to QM_IDLE *Jun 24 19:10:10.090: ISAKMP:(1022): processing HASH payload. message ID = 963339295 *Jun 24 19:10:10.090: ISAKMP:(1022): processing DELETE payload. message ID = 963339295 *Jun 24 19:10:10.090: ISAKMP:(1022):peer does not do paranoid keepalives. *Jun 24 19:10:10.090: ISAKMP:(1022):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0x91BEBD16) *Jun 24 19:10:10.090: ISAKMP:(1022):deleting node 963339295 error FALSE reason "Informational (in) state 1" *Jun 24 19:10:10.090: ISAKMP: Failed to find peer index node to update peer_info_list *Jun 24 19:10:10.094: ISAKMP (1022): received packet from 96.31.182.52 dport 4500 sport 4500 Global (R) QM_IDLE *Jun 24 19:10:10.094: ISAKMP: set new node 406642821 to QM_IDLE *Jun 24 19:10:10.094: ISAKMP:(1022): processing HASH payload. message ID = 406642821 *Jun 24 19:10:10.094: ISAKMP:(1022): processing DELETE payload. message ID = 406642821 *Jun 24 19:10:10.094: ISAKMP:(1022):peer does not do paranoid keepalives. *Jun 24 19:10:10.094: ISAKMP:(1022):deleting SA reason "No reason" state (R) QM_IDLE 96.31.182.52) (peer *Jun 24 19:10:10.094: ISAKMP:(1022):deleting node 406642821 error FALSE reason "Informational (in) state 1" *Jun 24 19:10:10.094: ISAKMP: set new node 845537200 to QM_IDLE *Jun 24 19:10:10.094: ISAKMP:(1022): sending packet to 96.31.182.52 my_port 4500 peer_port 4500 (R) QM_IDLE *Jun 24 19:10:10.094: ISAKMP:(1022):Sending an IKE IPv4 Packet. *Jun 24 19:10:10.094: ISAKMP:(1022):purging node 845537200 *Jun 24 19:10:10.094: ISAKMP:(1022):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Jun 24 19:10:10.094: ISAKMP:(1022):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Jun 24 19:10:10.094: ISAKMP:(1022):deleting SA reason "No reason" state (R) QM_IDLE 96.31.182.52) (peer *Jun 24 19:10:10.094: ISAKMP: Unlocking peer struct 0x3F8D6668 for isadb_mark_sa_deleted(), count 0 *Jun 24 19:10:10.094: ISAKMP:(1022):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Jun 24 19:10:10.094: ISAKMP:(1022):Old State = IKE_DEST_SA New State = IKE_DEST_SA *Jun 24 19:10:10.094: ISAKMP: Deleting peer node by peer_reap for 96.31.182.52: 3F8D6668 CISCO2921# *Jun 24 19:10:26.026: ISAKMP:(1022):purging node 1

debug_ipsec - Cisco Support Community

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib