1.1.1.1 - HUB (SRX) IP 2.2.2.2 - SPOKE (CISCO) IP SRX - ike traceoptions CISCO - debug crypto isakmp ------------- SRX ------------- user@SRX> [Jan 27 22:34:43]ikev2_packet_allocate: Allocated packet e3c800 from freelist [Jan 27 22:34:43]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Jan 27 22:34:43]ike_get_sa: Start, SA = { 9bfdcca3 457a662e - 00000000 00000000 } / 00000000, remote = 2.2.2.2:500 [Jan 27 22:34:43]ike_sa_allocate: Start, SA = { 9bfdcca3 457a662e - 38cfa7e6 8836e428 } [Jan 27 22:34:43]ike_init_isakmp_sa: Start, remote = 2.2.2.2:500, initiator = 0 [Jan 27 22:34:43]ike_decode_packet: Start [Jan 27 22:34:43]ike_decode_packet: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} / 00000000, nego = -1 [Jan 27 22:34:43]ike_decode_payload_sa: Start [Jan 27 22:34:43]ike_decode_payload_t: Start, # trans = 1 [Jan 27 22:34:43]ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ... [Jan 27 22:34:43]ike_st_i_vid: VID[0..16] = 439b59f8 ba676c4c ... [Jan 27 22:34:43]ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ... [Jan 27 22:34:43]ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ... [Jan 27 22:34:43]ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [Jan 27 22:34:43]ike_st_i_vid: VID[0..8] = 09002689 dfd6b712 ... [Jan 27 22:34:43]ike_st_i_vid: VID[0..16] = 6e3a6bbe 457b662e ... [Jan 27 22:34:43]ike_st_i_id: Start [Jan 27 22:34:43]ike_st_i_sa_proposal: Start [Jan 27 22:34:43]ike_free_id_payload: Start, id type = 2 [Jan 27 22:34:43]ike_isakmp_sa_reply: Start [Jan 27 22:34:43]ike_state_restart_packet: Start, restart packet SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = -1 [Jan 27 22:34:43]ike_st_i_sa_proposal: Start [Jan 27 22:34:43]ike_st_i_nonce: Start, nonce[0..20] = cef1fff4 69bfc648 ... [Jan 27 22:34:43]ike_st_i_cert: Start [Jan 27 22:34:43]ike_st_i_hash_key: Start, no key_hash [Jan 27 22:34:43]ike_st_i_ke: Ke[0..192] = a0c7a1a1 1504497e ... [Jan 27 22:34:43]ike_st_i_cr: Start [Jan 27 22:34:43]ike_st_i_private: Start [Jan 27 22:34:43]ike_st_o_sa_values: Start [Jan 27 22:34:43]ike_st_o_ke: Start [Jan 27 22:34:43]ike_st_o_nonce: Start [Jan 27 22:34:43]ike_policy_reply_isakmp_nonce_data_len: Start [Jan 27 22:34:43]ike_st_o_id: Start [Jan 27 22:34:43]ike_policy_reply_isakmp_id: Start [Jan 27 22:34:43]ike_state_restart_packet: Start, restart packet SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = -1 [Jan 27 22:34:43]ike_st_o_id: Start [Jan 27 22:34:43]ike_st_o_certs_base: Start [Jan 27 22:34:43]ike_st_o_sig_or_hash: Start, auth_method = 4 [Jan 27 22:34:43]ike_st_o_hash: Start [Jan 27 22:34:43]ike_find_pre_shared_key: Find pre shared key key for 1.1.1.1:500, id = fqdn(any:0,[0..13]=HUB.domain.com) -> 2.2.2.2:500, id = fqdn(udp:0,[0..21]=SPOKE.domain.com) [Jan 27 22:34:43]ike_policy_reply_find_pre_shared_key: Start [Jan 27 22:34:43]ike_state_restart_packet: Start, restart packet SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = -1 [Jan 27 22:34:43]ike_st_o_sig_or_hash: Start, auth_method = 4 [Jan 27 22:34:43]ike_st_o_hash: Start [Jan 27 22:34:43]ike_find_pre_shared_key: Find pre shared key key for 1.1.1.1:500, id = fqdn(any:0,[0..13]=HUB.domain.com) -> 2.2.2.2:500, id = fqdn(udp:0,[0..21]=SPOKE.domain.com) [Jan 27 22:34:43]ike_calc_mac: Start, initiator = false, local = true [Jan 27 22:34:43]ike_policy_reply_isakmp_vendor_ids: Start [Jan 27 22:34:43]ike_st_o_status_n: Start [Jan 27 22:34:43]ike_st_o_private: Start [Jan 27 22:34:43]ike_policy_reply_private_payload_out: Start [Jan 27 22:34:43]ike_policy_reply_private_payload_out: Start [Jan 27 22:34:43]ike_policy_reply_private_payload_out: Start [Jan 27 22:34:43]ike_st_o_calc_skeyid: Calculating skeyid [Jan 27 22:34:43]ike_encode_packet: Start, SA = { 0x9bfdcca3 457a662e - ed30b78d a9bba353 } / 00000000, nego = -1 [Jan 27 22:34:43]ike_send_packet: Start, send SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = -1, local ip= 1.1.1.1, dst = 2.2.2.2:500, routing table id = 0 [Jan 27 22:34:43]ikev2_packet_allocate: Allocated packet e3cc00 from freelist [Jan 27 22:34:43]ike_sa_find: Found SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } [Jan 27 22:34:43]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Jan 27 22:34:43]ike_get_sa: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } / 00000000, remote = 2.2.2.2:500 [Jan 27 22:34:43]ike_sa_find: Found SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } [Jan 27 22:34:43]ike_decode_packet: Start [Jan 27 22:34:43]ike_decode_packet: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} / 00000000, nego = -1 [Jan 27 22:34:43]ike_st_i_hash: Start, hash[0..20] = 69420fa6 a4812481 ... [Jan 27 22:34:43]ike_calc_mac: Start, initiator = false, local = false [Jan 27 22:34:43]ike_st_i_cert: Start [Jan 27 22:34:43]ike_st_i_status_n: Start, doi = 1, protocol = 1, code = Initial contact notification (24578), spi[0..16] = 9bfdcca3 457a662e ..., data[0..0] = 00000000 00000000 ... [Jan 27 22:34:43]iked_pm_ike_spd_notify_received: Received authenticated notification payload unknown from local:1.1.1.1 remote:2.2.2.2 IKEv1 for P1 SA 6698858 [Jan 27 22:34:43]ike_st_i_private: Start [Jan 27 22:34:43]ike_st_o_wait_done: Marking for waiting for done [Jan 27 22:34:43]ike_st_o_all_done: MESSAGE: Phase 1 { 0x9bfdcca3 457a662e - 0xed30b78d a9bba353 } / 00000000, version = 1.0, xchg = Aggressive, auth_method = Pre shared keys, Responder, cipher = aes-cbc, hash = sha1, prf = hmac-sha1, life [Jan 27 22:34:43]1.1.1.1:500 (Responder) <-> 2.2.2.2:500 { 9bfdcca3 457a662e - ed30b78d a9bba353 [-1] / 0x00000000 } Aggr; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = aes-cbc, hash = sha1, prf = hmac-sh [Jan 27 22:34:43]ike_send_notify: Connected, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = -1 [Jan 27 22:34:43]iked_pm_ike_sa_done: local:1.1.1.1, remote:2.2.2.2 IKEv1 [Jan 27 22:34:43]IKE negotiation done for local:1.1.1.1, remote:2.2.2.2 IKEv1 with status: Error ok [Jan 27 22:34:43]ikev2_packet_allocate: Allocated packet e3d000 from freelist [Jan 27 22:34:43]ike_sa_find: Found SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } [Jan 27 22:34:43]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Jan 27 22:34:43]ike_get_sa: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } / 4935be4a, remote = 2.2.2.2:500 [Jan 27 22:34:43]ike_sa_find: Found SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } [Jan 27 22:34:43]ike_st_o_done: ISAKMP SA negotiation done [Jan 27 22:34:43]ike_send_notify: Connected, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = -1 [Jan 27 22:34:43]ike_free_negotiation_isakmp: Start, nego = -1 [Jan 27 22:34:43]ike_free_negotiation: Start, nego = -1 [Jan 27 22:34:43]ike_alloc_negotiation: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} [Jan 27 22:34:43]ike_init_qm_negotiation: Start, initiator = 0, message_id = 4935be4a [Jan 27 22:34:43]ike_decode_packet: Start [Jan 27 22:34:43]ike_decode_packet: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} / 4935be4a, nego = 0 [Jan 27 22:34:43]:500 (Responder) <-> 2.2.2.2:500 { 9bfdcca3 457a662e - ed30b78d a9bba353 [0] / 0x4935be4a } QM; Warning, junk after packet len = 352, decoded = 336 [Jan 27 22:34:43]ike_decode_payload_sa: Start [Jan 27 22:34:43]ike_decode_payload_t: Start, # trans = 1 [Jan 27 22:34:43]ike_st_i_encrypt: Check that packet was encrypted succeeded [Jan 27 22:34:43]ike_st_i_qm_hash_1: Start, hash[0..20] = f6d6c1b2 0b269d3d ... [Jan 27 22:34:43]ike_st_i_qm_nonce: Nonce[0..20] = b60ab8f0 9b9ef85c ... [Jan 27 22:34:43]ike_st_i_qm_ke: Ke[0..192] = 4a90001b a3026365 ... [Jan 27 22:34:43]ike_st_i_qm_sa_proposals: Start [Jan 27 22:34:43]Added (spi=0xa9c19c58, protocol=0) entry to the spi table [Jan 27 22:34:43]Added (spi=0x34c9903c, protocol=0) entry to the spi table [Jan 27 22:34:43]SA-CFG lookup for Phase 2 failed for local:1.1.1.1, remote:2.2.2.2 IKEv1 [Jan 27 22:34:43]ikev2_fb_spd_select_qm_sa_cb: IKEv2 SA select failed with error No proposal chosen [Jan 27 22:34:43]ikev2_fb_spd_select_qm_sa_cb: SA selection failed, no matching proposal (neg eef800) [Jan 27 22:34:43]ike_qm_sa_reply: Start [Jan 27 22:34:43]ike_state_restart_packet: Start, restart packet SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = 0 [Jan 27 22:34:43]ike_st_i_qm_sa_proposals: Start [Jan 27 22:34:43]ike_st_i_private: Start [Jan 27 22:34:43]ike_st_o_qm_hash_2: Start [Jan 27 22:34:43]ike_st_o_qm_sa_values: Start [Jan 27 22:34:43]:500 (Responder) <-> 2.2.2.2:500 { 9bfdcca3 457a662e - ed30b78d a9bba353 [0] / 0x4935be4a } QM; Error = No proposal chosen (14) [Jan 27 22:34:43]ike_alloc_negotiation: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} [Jan 27 22:34:43]ike_encode_packet: Start, SA = { 0x9bfdcca3 457a662e - ed30b78d a9bba353 } / b3707bda, nego = 1 [Jan 27 22:34:43]ike_send_packet: Start, send SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = 1, local ip= 1.1.1.1, dst = 2.2.2.2:500, routing table id = 0 [Jan 27 22:34:43]ike_delete_negotiation: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = 1 [Jan 27 22:34:43]ike_free_negotiation_info: Start, nego = 1 [Jan 27 22:34:43]ike_free_negotiation: Start, nego = 1 [Jan 27 22:34:43]IPSec negotiation failed for SA-CFG Unknown for local:1.1.1.1, remote:2.2.2.2 IKEv1. status: No proposal chosen [Jan 27 22:34:43] P2 ed info: flags 0x0, P2 error: No proposal chosen user@SRX> user@SRX> user@SRX> user@SRX> user@SRX> user@SRX> [Jan 27 22:35:13]ikev2_packet_allocate: Allocated packet e3d400 from freelist [Jan 27 22:35:13]ike_sa_find: Found SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } [Jan 27 22:35:13]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Jan 27 22:35:13]ike_get_sa: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } / 5f322a98, remote = 2.2.2.2:500 [Jan 27 22:35:13]ike_sa_find: Found SA = { 9bfdcca3 457a662e - ed30b78d a9bba353 } [Jan 27 22:35:13]ike_alloc_negotiation: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} [Jan 27 22:35:13]ike_init_qm_negotiation: Start, initiator = 0, message_id = 5f322a98 [Jan 27 22:35:13]ike_decode_packet: Start [Jan 27 22:35:13]ike_decode_packet: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} / 5f322a98, nego = 1 [Jan 27 22:35:13]:500 (Responder) <-> 2.2.2.2:500 { 9bfdcca3 457a662e - ed30b78d a9bba353 [1] / 0x5f322a98 } QM; Warning, junk after packet len = 352, decoded = 336 [Jan 27 22:35:13]ike_decode_payload_sa: Start [Jan 27 22:35:13]ike_decode_payload_t: Start, # trans = 1 [Jan 27 22:35:13]ike_st_i_encrypt: Check that packet was encrypted succeeded [Jan 27 22:35:13]ike_st_i_qm_hash_1: Start, hash[0..20] = dc126456 161ab029 ... [Jan 27 22:35:13]ike_st_i_qm_nonce: Nonce[0..20] = 3f5cb5e3 95f334e4 ... [Jan 27 22:35:13]ike_st_i_qm_ke: Ke[0..192] = e10cbacd f17b135b ... [Jan 27 22:35:13]ike_st_i_qm_sa_proposals: Start [Jan 27 22:35:13]Added (spi=0x908e2d6c, protocol=0) entry to the spi table [Jan 27 22:35:13]Added (spi=0xfc1b341d, protocol=0) entry to the spi table [Jan 27 22:35:13]SA-CFG lookup for Phase 2 failed for local:1.1.1.1, remote:2.2.2.2 IKEv1 [Jan 27 22:35:13]ikev2_fb_spd_select_qm_sa_cb: IKEv2 SA select failed with error No proposal chosen [Jan 27 22:35:13]ikev2_fb_spd_select_qm_sa_cb: SA selection failed, no matching proposal (neg eef800) [Jan 27 22:35:13]ike_qm_sa_reply: Start [Jan 27 22:35:13]ike_state_restart_packet: Start, restart packet SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = 1 [Jan 27 22:35:13]ike_st_i_qm_sa_proposals: Start [Jan 27 22:35:13]ike_st_i_private: Start [Jan 27 22:35:13]ike_st_o_qm_hash_2: Start [Jan 27 22:35:13]ike_st_o_qm_sa_values: Start [Jan 27 22:35:13]:500 (Responder) <-> 2.2.2.2:500 { 9bfdcca3 457a662e - ed30b78d a9bba353 [1] / 0x5f322a98 } QM; Error = No proposal chosen (14) [Jan 27 22:35:13]ike_alloc_negotiation: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353} [Jan 27 22:35:13]ike_encode_packet: Start, SA = { 0x9bfdcca3 457a662e - ed30b78d a9bba353 } / f8b85fa9, nego = 2 [Jan 27 22:35:13]ike_send_packet: Start, send SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = 2, local ip= 1.1.1.1, dst = 2.2.2.2:500, routing table id = 0 [Jan 27 22:35:13]ike_delete_negotiation: Start, SA = { 9bfdcca3 457a662e - ed30b78d a9bba353}, nego = 2 [Jan 27 22:35:13]ike_free_negotiation_info: Start, nego = 2 [Jan 27 22:35:13]ike_free_negotiation: Start, nego = 2 [Jan 27 22:35:13]IPSec negotiation failed for SA-CFG Unknown for local:1.1.1.1, remote:2.2.2.2 IKEv1. status: No proposal chosen [Jan 27 22:35:13] P2 ed info: flags 0x0, P2 error: No proposal chosen ------------- CISCO ------------- .Jan 27 22:34:43 CET: ISAKMP:(0): SA request profile is HUB_ike .Jan 27 22:34:43 CET: ISAKMP: Created a peer struct for 1.1.1.1, peer port 500 .Jan 27 22:34:43 CET: ISAKMP: New peer created peer = 0x8405349C peer_handle = 0x8000003B .Jan 27 22:34:43 CET: ISAKMP: Locking peer struct 0x8405349C, refcount 1 for isakmp_initiator .Jan 27 22:34:43 CET: ISAKMP: local port 500, remote port 500 .Jan 27 22:34:43 CET: ISAKMP: set new node 0 to QM_IDLE .Jan 27 22:34:43 CET: ISAKMP:(0):insert sa successfully sa = 854F11FC .Jan 27 22:34:43 CET: ISAKMP:(0):Found ADDRESS key in keyring default .Jan 27 22:34:43 CET: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID .Jan 27 22:34:43 CET: ISAKMP:(0): constructed NAT-T vendor-07 ID .Jan 27 22:34:43 CET: ISAKMP:(0): constructed NAT-T vendor-03 ID .Jan 27 22:34:43 CET: ISAKMP:(0): constructed NAT-T vendor-02 ID .Jan 27 22:34:43 CET: ISAKMP:(0):SA is doing pre-shared key authentication using id type ID_FQDN .Jan 27 22:34:43 CET: ISAKMP (0): ID payload next-payload : 13 type : 2 FQDN name : SPOKE.domain.com protocol : 17 port : 0 length : 30 .Jan 27 22:34:43 CET: ISAKMP:(0):Total payload length: 30 .Jan 27 22:34:43 CET: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM .Jan 27 22:34:43 CET: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_AM1 .Jan 27 22:34:43 CET: ISAKMP:(0): beginning Aggressive Mode exchange .Jan 27 22:34:43 CET: ISAKMP:(0): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) AG_INIT_EXCH .Jan 27 22:34:43 CET: ISAKMP:(0):Sending an IKE IPv4 Packet. .Jan 27 22:34:43 CET: ISAKMP (0): received packet from 1.1.1.1 dport 500 sport 500 Global (I) AG_INIT_EXCH .Jan 27 22:34:43 CET: ISAKMP:(0): processing SA payload. message ID = 0 .Jan 27 22:34:43 CET: ISAKMP:(0): processing ID payload. message ID = 0 .Jan 27 22:34:43 CET: ISAKMP (0): ID payload next-payload : 8 type : 2 FQDN name : HUB.domain.com protocol : 0 port : 0 length : 22 .Jan 27 22:34:43 CET: ISAKMP:(0): processing vendor id payload .Jan 27 22:34:43 CET: ISAKMP:(0): vendor ID is DPD .Jan 27 22:34:43 CET: ISAKMP:(0): processing vendor id payload .Jan 27 22:34:43 CET: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch .Jan 27 22:34:43 CET: ISAKMP (0): vendor ID is NAT-T RFC 3947 .Jan 27 22:34:43 CET: ISAKMP:(0): processing vendor id payload .Jan 27 22:34:43 CET: ISAKMP:(0): vendor ID seems Unity/DPD but major 201 mismatch .Jan 27 22:34:43 CET: ISAKMP:(0):Found HOST key in keyring default .Jan 27 22:34:43 CET: ISAKMP:(0): local preshared key found .Jan 27 22:34:43 CET: ISAKMP : Looking for xauth in profile HUB_ike .Jan 27 22:34:43 CET: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy .Jan 27 22:34:43 CET: ISAKMP: encryption AES-CBC .Jan 27 22:34:43 CET: ISAKMP: keylength of 256 .Jan 27 22:34:43 CET: ISAKMP: hash SHA .Jan 27 22:34:43 CET: ISAKMP: default group 5 .Jan 27 22:34:43 CET: ISAKMP: auth pre-share .Jan 27 22:34:43 CET: ISAKMP: life type in seconds .Jan 27 22:34:43 CET: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 .Jan 27 22:34:43 CET: ISAKMP:(0):atts are acceptable. Next payload is 0 .Jan 27 22:34:43 CET: ISAKMP:(0):Acceptable atts:actual life: 0 .Jan 27 22:34:43 CET: ISAKMP:(0):Acceptable atts:life: 0 .Jan 27 22:34:43 CET: ISAKMP:(0):Fill atts in sa vpi_length:4 .Jan 27 22:34:43 CET: ISAKMP:(0):Fill atts in sa life_in_seconds:86400 .Jan 27 22:34:43 CET: ISAKMP:(0):Returning Actual lifetime: 86400 .Jan 27 22:34:43 CET: ISAKMP:(0)::Started lifetime timer: 86400. .Jan 27 22:34:43 CET: ISAKMP:(0): processing KE payload. message ID = 0 .Jan 27 22:34:43 CET: ISAKMP:(0): processing NONCE payload. message ID = 0 .Jan 27 22:34:43 CET: ISAKMP:(0):Found HOST key in keyring default .Jan 27 22:34:43 CET: ISAKMP:(2026): processing HASH payload. message ID = 0 .Jan 27 22:34:43 CET: ISAKMP:(2026): processing vendor id payload .Jan 27 22:34:43 CET: ISAKMP:(2026): vendor ID is DPD .Jan 27 22:34:43 CET: ISAKMP:(2026): processing vendor id payload .Jan 27 22:34:43 CET: ISAKMP:(2026): vendor ID seems Unity/DPD but major 69 mismatch .Jan 27 22:34:43 CET: ISAKMP (2026): vendor ID is NAT-T RFC 3947 .Jan 27 22:34:43 CET: ISAKMP:(2026): processing vendor id payload .Jan 27 22:34:43 CET: ISAKMP:(2026): vendor ID seems Unity/DPD but major 201 mismatch .Jan 27 22:34:43 CET: ISAKMP:received payload type 20 .Jan 27 22:34:43 CET: ISAKMP (2026): His hash no match - this node outside NAT .Jan 27 22:34:43 CET: ISAKMP:received payload type 20 .Jan 27 22:34:43 CET: ISAKMP (2026): No NAT Found for self or peer .Jan 27 22:34:43 CET: ISAKMP:(2026):SA authentication status: authenticated .Jan 27 22:34:43 CET: ISAKMP:(2026):SA has been authenticated with 1.1.1.1 .Jan 27 22:34:43 CET: ISAKMP: Trying to insert a peer 2.2.2.2/1.1.1.1/500/, and inserted successfully 8405349C. .Jan 27 22:34:43 CET: ISAKMP:(2026):Send initial contact .Jan 27 22:34:43 CET: ISAKMP:(2026): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) AG_INIT_EXCH .Jan 27 22:34:43 CET: ISAKMP:(2026):Sending an IKE IPv4 Packet. .Jan 27 22:34:43 CET: ISAKMP:(2026):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH .Jan 27 22:34:43 CET: ISAKMP:(2026):Old State = IKE_I_AM1 New State = IKE_P1_COMPLETE .Jan 27 22:34:43 CET: ISAKMP:(2026):beginning Quick Mode exchange, M-ID of 1228258890 .Jan 27 22:34:43 CET: ISAKMP:(2026):QM Initiator gets spi .Jan 27 22:34:43 CET: ISAKMP:(2026): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE .Jan 27 22:34:43 CET: ISAKMP:(2026):Sending an IKE IPv4 Packet. .Jan 27 22:34:43 CET: ISAKMP:(2026):Node 1228258890, Input = IKE_MESG_INTERNAL, IKE_INIT_QM .Jan 27 22:34:43 CET: ISAKMP:(2026):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 .Jan 27 22:34:43 CET: ISAKMP:(2026):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE .Jan 27 22:34:43 CET: ISAKMP:(2026):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE .Jan 27 22:34:43 CET: ISAKMP (2026): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE .Jan 27 22:34:43 CET: ISAKMP: set new node -1284473894 to QM_IDLE .Jan 27 22:34:43 CET: ISAKMP:(2026): processing HASH payload. message ID = -1284473894 .Jan 27 22:34:43 CET: ISAKMP:(2026): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3 spi 2062188651, message ID = -1284473894, sa = 854F11FC .Jan 27 22:34:43 CET: ISAKMP:(2026): deleting spi 2062188651 message ID = 1228258890 .Jan 27 22:34:43 CET: ISAKMP:(2026):deleting node 1228258890 error TRUE reason "Delete Larval" .Jan 27 22:34:43 CET: ISAKMP:(2026):deleting node -1284473894 error FALSE reason "Informational (in) state 1" .Jan 27 22:34:43 CET: ISAKMP:(2026):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY .Jan 27 22:34:43 CET: ISAKMP:(2026):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE SPOKE# .Jan 27 22:34:53 CET: ISAKMP:(2026): no outgoing phase 1 packet to retransmit. QM_IDLE SPOKE# .Jan 27 22:35:13 CET: ISAKMP: set new node 0 to QM_IDLE .Jan 27 22:35:13 CET: SA has outstanding requests (local 133.79.19.128 port 500, remote 133.79.19.100 port 500) .Jan 27 22:35:13 CET: ISAKMP:(2026): sitting IDLE. Starting QM immediately (QM_IDLE ) .Jan 27 22:35:13 CET: ISAKMP:(2026):beginning Quick Mode exchange, M-ID of 1597123224 .Jan 27 22:35:13 CET: ISAKMP:(2026):QM Initiator gets spi .Jan 27 22:35:13 CET: ISAKMP:(2026): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE .Jan 27 22:35:13 CET: ISAKMP:(2026):Sending an IKE IPv4 Packet. .Jan 27 22:35:13 CET: ISAKMP:(2026):Node 1597123224, Input = IKE_MESG_INTERNAL, IKE_INIT_QM .Jan 27 22:35:13 CET: ISAKMP:(2026):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 .Jan 27 22:35:13 CET: ISAKMP (2026): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE .Jan 27 22:35:13 CET: ISAKMP: set new node -122134615 to QM_IDLE .Jan 27 22:35:13 CET: ISAKMP:(2026): processing HASH payload. message ID = -122134615 .Jan 27 22:35:13 CET: ISAKMP:(2026): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3 spi 165448832, message ID = -122134615, sa = 854F11FC .Jan 27 22:35:13 CET: ISAKMP:(2026): deleting spi 165448832 message ID = 1597123224 .Jan 27 22:35:13 CET: ISAKMP:(2026):deleting node 1597123224 error TRUE reason "Delete Larval" SPOKE# .Jan 27 22:35:13 CET: ISAKMP:(2026):deleting node -122134615 error FALSE reason "Informational (in) state 1" .Jan 27 22:35:13 CET: ISAKMP:(2026):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY .Jan 27 22:35:13 CET: ISAKMP:(2026):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE