[May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { e3d10969 21e04cc4 - a196ab60 1c8692c6 } [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] P1 SA 5696449 start timer. timer duration 30, reason 1. [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] 00000000: a196 ab60 1c86 92c6 ...`.... [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] 00000000: bac2 c652 5be3 4568 ...R[.Eh [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { e3d10969 21e04cc4 - bac2c652 5be34568} / 00000000, nego = -1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xe3d10969 21e04cc4 - bac2c652 5be34568 } / 00000000, nego = -1 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:28:05][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e46c00 from freelist [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { e3d10969 21e04cc4 - bac2c652 5be34568 } [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { e3d10969 21e04cc4 - bac2c652 5be34568 } / 00000000, remote = 1.1.1.1:500 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { e3d10969 21e04cc4 - bac2c652 5be34568 } [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { e3d10969 21e04cc4 - bac2c652 5be34568} / 00000000, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 15683f00 fcc91798 ... [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 8cd94681 4f74330c ... [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6450] [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5371] [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xe3d10969 21e04cc4 - bac2c652 5be34568 } / 00000000, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e47000 from freelist [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { e3d10969 21e04cc4 - bac2c652 5be34568 } [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { e3d10969 21e04cc4 - bac2c652 5be34568 } / 00000000, remote = 1.1.1.1:500 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { e3d10969 21e04cc4 - bac2c652 5be34568 } [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { e3d10969 21e04cc4 - bac2c652 5be34568} / 00000000, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = ae26627f 23947f6b ... [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0xe3d10969 21e04cc4 - 0xbac2c652 5be34568 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xe3d10969 21e04cc4 - bac2c652 5be34568 } / 00000000, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] P1 SA 5696449 stop timer. timer duration 30, reason 1. [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] P1 SA 5696449 start timer. timer duration 0, reason 3. [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] P1 SA 5696449 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696449 delete. curr ref count 1, del flags 0x3 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696449, ref cnt 1, status: Error ok [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { e3d10969 21e04cc4 - bac2c652 5be34568}, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { e3d10969 21e04cc4 - bac2c652 5be34568 } [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696449 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] P1 SA 5696449 stop timer. timer duration 0, reason 0. [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696449 (ref cnt 0), waiting_for_del 0x0 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:28:06][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696450 start timer. timer duration 30, reason 1. [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696450 in peer entry 0xee3800 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 719e766c b98a2a38 - 00000000 00000000 } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { 719e766c b98a2a38 - 00000000 00000000}, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x719e766c b98a2a38 - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 719e766c b98a2a38 - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } / 00000000, remote = 1.1.1.1:500 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { 719e766c b98a2a38 - 00000000 00000000 } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { 719e766c b98a2a38 - 00000000 00000000 } -> { ... - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c} / 00000000, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [5959] [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x719e766c b98a2a38 - bec1aeff 8692d42c } / 00000000, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } / 00000000, remote = 1.1.1.1:500 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c} / 00000000, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 28aa6fbc 90028bd3 ... [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 263b297c d6aa6f2e ... [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5095] [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x719e766c b98a2a38 - bec1aeff 8692d42c } / 00000000, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } / 00000000, remote = 1.1.1.1:500 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c} / 00000000, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 261698c3 2304fe22 ... [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x719e766c b98a2a38 - 0xbec1aeff 8692d42c } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696450 stop timer. timer duration 30, reason 1. [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696450 start timer. timer duration 0, reason 3. [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0xebdbcf7c, protocol=0) entry to the spi table [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0x92128eb8, protocol=0) entry to the spi table [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c} [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = b130390d [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [7015] [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696450 sa-cfg Colo_VPN [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x719e766c b98a2a38 - bec1aeff 8692d42c } / b130390d, nego = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = 4716c612 0a679f4a ... [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696450 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696450 delete. curr ref count 2, del flags 0x2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696450, ref cnt 2, status: Error ok [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c} [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = 0f9e9194 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x719e766c b98a2a38 - bec1aeff 8692d42c } / 0f9e9194, nego = 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c}, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 719e766c b98a2a38 - bec1aeff 8692d42c } [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696450 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696450 stop timer. timer duration 0, reason 0. [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696450 reference count is not zero (1). Delaying deletion of SA [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696450 (ref cnt 0), waiting_for_del 0xe709c0 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696450 from peer entry 0xee3800 [May 24 12:28:32][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3800 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a3842521 7c65783a - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { a3842521 7c65783a - da08d4f5 bb4b8b1a } [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696451 start timer. timer duration 30, reason 1. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] 00000000: da08 d4f5 bb4b 8b1a .....K.. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] 00000000: 6db6 a9bb 11c5 3b8d m.....;. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d} / 00000000, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa3842521 7c65783a - 6db6a9bb 11c53b8d } / 00000000, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e48400 from freelist [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d } [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d } [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d} / 00000000, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = d655a394 9841bc19 ... [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 609e6870 f1f8e9a1 ... [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6332] [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5362] [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa3842521 7c65783a - 6db6a9bb 11c53b8d } / 00000000, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e48800 from freelist [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d } [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d } [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d} / 00000000, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 2e572542 0bdfea22 ... [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0xa3842521 7c65783a - 0x6db6a9bb 11c53b8d } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa3842521 7c65783a - 6db6a9bb 11c53b8d } / 00000000, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696451 stop timer. timer duration 30, reason 1. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696451 start timer. timer duration 0, reason 3. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696451 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696451 delete. curr ref count 1, del flags 0x3 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696451, ref cnt 1, status: Error ok [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d}, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { a3842521 7c65783a - 6db6a9bb 11c53b8d } [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696451 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696451 stop timer. timer duration 0, reason 0. [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696451 (ref cnt 0), waiting_for_del 0x0 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:29:08][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696452 start timer. timer duration 30, reason 1. [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696452 in peer entry 0xee3800 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 90f1f7da 357fe80b - 00000000 00000000 } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { 90f1f7da 357fe80b - 00000000 00000000}, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x90f1f7da 357fe80b - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 90f1f7da 357fe80b - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { 90f1f7da 357fe80b - 00000000 00000000 } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { 90f1f7da 357fe80b - 00000000 00000000 } -> { ... - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb} / 00000000, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [5959] [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } / 00000000, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb} / 00000000, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = c08fc83f dee5326f ... [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 705c905b c8d97622 ... [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5245] [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } / 00000000, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb} / 00000000, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = bf773d17 2f7726c7 ... [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x90f1f7da 357fe80b - 0x6bfffdb0 7bdee7eb } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696452 stop timer. timer duration 30, reason 1. [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696452 start timer. timer duration 0, reason 3. [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0x647a0508, protocol=0) entry to the spi table [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0x447cf69c, protocol=0) entry to the spi table [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb} [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = 44d7f2b7 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6220] [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696452 sa-cfg Colo_VPN [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } / 44d7f2b7, nego = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = 56171f86 15a01976 ... [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696452 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696452 delete. curr ref count 2, del flags 0x2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696452, ref cnt 2, status: Error ok [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb} [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = 2bbb2570 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } / 2bbb2570, nego = 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb}, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 90f1f7da 357fe80b - 6bfffdb0 7bdee7eb } [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696452 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696452 stop timer. timer duration 0, reason 0. [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696452 reference count is not zero (1). Delaying deletion of SA [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696452 (ref cnt 0), waiting_for_del 0xe709c0 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696452 from peer entry 0xee3800 [May 24 12:29:32][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3800 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 65d508fe 5e81caa1 - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 65d508fe 5e81caa1 - 958a9d51 a8db5bb4 } [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] P1 SA 5696453 start timer. timer duration 30, reason 1. [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] 00000000: 958a 9d51 a8db 5bb4 ...Q..[. [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] 00000000: d83b 7b6c 570b dcc9 .;{lW... [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9} / 00000000, nego = -1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } / 00000000, nego = -1 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:29:45][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e49c00 from freelist [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9} / 00000000, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 647bf2fe 621c270b ... [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = def82c01 a5262067 ... [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [7268] [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5889] [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } / 00000000, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4a000 from freelist [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } / 00000000, remote = 1.1.1.1:500 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9} / 00000000, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 89294309 d756508f ... [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x65d508fe 5e81caa1 - 0xd83b7b6c 570bdcc9 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } / 00000000, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696453 stop timer. timer duration 30, reason 1. [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696453 start timer. timer duration 0, reason 3. [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696453 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696453 delete. curr ref count 1, del flags 0x3 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696453, ref cnt 1, status: Error ok [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9}, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 65d508fe 5e81caa1 - d83b7b6c 570bdcc9 } [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696453 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696453 stop timer. timer duration 0, reason 0. [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696453 (ref cnt 0), waiting_for_del 0x0 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:29:46][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a57cc3ae 2fae2d78 - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { a57cc3ae 2fae2d78 - 25c9866a d144b3a0 } [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696454 start timer. timer duration 30, reason 1. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] 00000000: 25c9 866a d144 b3a0 %..j.D.. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] 00000000: 66a6 66ba 1552 fe39 f.f..R.9 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39} / 00000000, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa57cc3ae 2fae2d78 - 66a666ba 1552fe39 } / 00000000, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4a800 from freelist [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39 } [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39 } / 00000000, remote = 1.1.1.1:500 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39 } [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39} / 00000000, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 60c6ee99 fc725726 ... [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = ed5ca7b4 bcc72b82 ... [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6116] [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5220] [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa57cc3ae 2fae2d78 - 66a666ba 1552fe39 } / 00000000, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4ac00 from freelist [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39 } [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39 } / 00000000, remote = 1.1.1.1:500 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39 } [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39} / 00000000, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = afc1c7c1 5202a9db ... [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0xa57cc3ae 2fae2d78 - 0x66a666ba 1552fe39 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa57cc3ae 2fae2d78 - 66a666ba 1552fe39 } / 00000000, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696454 stop timer. timer duration 30, reason 1. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696454 start timer. timer duration 0, reason 3. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696454 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696454 delete. curr ref count 1, del flags 0x3 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696454, ref cnt 1, status: Error ok [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39}, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { a57cc3ae 2fae2d78 - 66a666ba 1552fe39 } [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696454 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696454 stop timer. timer duration 0, reason 0. [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696454 (ref cnt 0), waiting_for_del 0x0 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:30:18][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696455 start timer. timer duration 30, reason 1. [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696455 in peer entry 0xee3800 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 4e1c6b5e 46f7341c - 00000000 00000000 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { 4e1c6b5e 46f7341c - 00000000 00000000}, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x4e1c6b5e 46f7341c - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 4e1c6b5e 46f7341c - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } / 00000000, remote = 1.1.1.1:500 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { 4e1c6b5e 46f7341c - 00000000 00000000 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { 4e1c6b5e 46f7341c - 00000000 00000000 } -> { ... - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210} / 00000000, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6664] [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x4e1c6b5e 46f7341c - b28c9bd8 7c080210 } / 00000000, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } / 00000000, remote = 1.1.1.1:500 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210} / 00000000, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 086f93fd f2a55424 ... [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = f7e87fbe d7649bd4 ... [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5561] [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x4e1c6b5e 46f7341c - b28c9bd8 7c080210 } / 00000000, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } / 00000000, remote = 1.1.1.1:500 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210} / 00000000, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = db68bcf9 0351d348 ... [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x4e1c6b5e 46f7341c - 0xb28c9bd8 7c080210 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696455 stop timer. timer duration 30, reason 1. [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696455 start timer. timer duration 0, reason 3. [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0xfb424203, protocol=0) entry to the spi table [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0xed3d1ed6, protocol=0) entry to the spi table [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210} [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = faca4e4e [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [8549] [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696455 sa-cfg Colo_VPN [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x4e1c6b5e 46f7341c - b28c9bd8 7c080210 } / faca4e4e, nego = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = baf732ac 4cf094ef ... [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696455 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696455 delete. curr ref count 2, del flags 0x2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696455, ref cnt 2, status: Error ok [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210} [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = d2afb981 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x4e1c6b5e 46f7341c - b28c9bd8 7c080210 } / d2afb981, nego = 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210}, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 4e1c6b5e 46f7341c - b28c9bd8 7c080210 } [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696455 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696455 stop timer. timer duration 0, reason 0. [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696455 reference count is not zero (1). Delaying deletion of SA [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696455 (ref cnt 0), waiting_for_del 0xe709c0 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696455 from peer entry 0xee3800 [May 24 12:30:32][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3800 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { d73fc7d2 1cd542ba - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { d73fc7d2 1cd542ba - 4a9ea1c5 f2d36c9f } [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696456 start timer. timer duration 30, reason 1. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] 00000000: 4a9e a1c5 f2d3 6c9f J.....l. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] 00000000: e365 3783 5716 a452 .e7.W..R [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { d73fc7d2 1cd542ba - e3653783 5716a452} / 00000000, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xd73fc7d2 1cd542ba - e3653783 5716a452 } / 00000000, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4c000 from freelist [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { d73fc7d2 1cd542ba - e3653783 5716a452 } [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { d73fc7d2 1cd542ba - e3653783 5716a452 } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { d73fc7d2 1cd542ba - e3653783 5716a452 } [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { d73fc7d2 1cd542ba - e3653783 5716a452} / 00000000, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 75a05ed8 4233841d ... [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = ae7031ef bd3cdb5c ... [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6256] [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5546] [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xd73fc7d2 1cd542ba - e3653783 5716a452 } / 00000000, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4c400 from freelist [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { d73fc7d2 1cd542ba - e3653783 5716a452 } [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { d73fc7d2 1cd542ba - e3653783 5716a452 } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { d73fc7d2 1cd542ba - e3653783 5716a452 } [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { d73fc7d2 1cd542ba - e3653783 5716a452} / 00000000, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 7399cb62 2e82164b ... [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0xd73fc7d2 1cd542ba - 0xe3653783 5716a452 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xd73fc7d2 1cd542ba - e3653783 5716a452 } / 00000000, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696456 stop timer. timer duration 30, reason 1. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696456 start timer. timer duration 0, reason 3. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696456 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696456 delete. curr ref count 1, del flags 0x3 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696456, ref cnt 1, status: Error ok [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { d73fc7d2 1cd542ba - e3653783 5716a452}, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { d73fc7d2 1cd542ba - e3653783 5716a452 } [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696456 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696456 stop timer. timer duration 0, reason 0. [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696456 (ref cnt 0), waiting_for_del 0x0 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:31:08][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3800 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696457 start timer. timer duration 30, reason 1. [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696457 in peer entry 0xee3800 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 5cb91248 7124cd6a - 00000000 00000000 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { 5cb91248 7124cd6a - 00000000 00000000}, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x5cb91248 7124cd6a - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 5cb91248 7124cd6a - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { 5cb91248 7124cd6a - 00000000 00000000 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { 5cb91248 7124cd6a - 00000000 00000000 } -> { ... - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047} / 00000000, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6581] [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x5cb91248 7124cd6a - 8cb15d53 f21c1047 } / 00000000, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047} / 00000000, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 93053073 4bbff46b ... [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 05290ad2 0c78b25f ... [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5623] [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x5cb91248 7124cd6a - 8cb15d53 f21c1047 } / 00000000, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047} / 00000000, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 441f8b93 2dcb4d25 ... [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x5cb91248 7124cd6a - 0x8cb15d53 f21c1047 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696457 stop timer. timer duration 30, reason 1. [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696457 start timer. timer duration 0, reason 3. [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0xc9c0f4dd, protocol=0) entry to the spi table [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0xf5bb25ba, protocol=0) entry to the spi table [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047} [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = 384f457c [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [7250] [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696457 sa-cfg Colo_VPN [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x5cb91248 7124cd6a - 8cb15d53 f21c1047 } / 384f457c, nego = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = 669d28b6 58123a5c ... [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696457 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696457 delete. curr ref count 2, del flags 0x2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696457, ref cnt 2, status: Error ok [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047} [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = 4ac91ae9 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x5cb91248 7124cd6a - 8cb15d53 f21c1047 } / 4ac91ae9, nego = 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047}, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 5cb91248 7124cd6a - 8cb15d53 f21c1047 } [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696457 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696457 stop timer. timer duration 0, reason 0. [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696457 reference count is not zero (1). Delaying deletion of SA [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696457 (ref cnt 0), waiting_for_del 0xe709c0 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696457 from peer entry 0xee3800 [May 24 12:31:32][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3800 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 97b3193c 98030fad - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 97b3193c 98030fad - d0a51a8b 2d597fc6 } [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] P1 SA 5696458 start timer. timer duration 30, reason 1. [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] 00000000: d0a5 1a8b 2d59 7fc6 ....-Y.. [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] 00000000: 42d8 b4d3 0000 95dc B....... [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc} / 00000000, nego = -1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x97b3193c 98030fad - 42d8b4d3 000095dc } / 00000000, nego = -1 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:31:45][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4d800 from freelist [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 97b3193c 98030fad - 42d8b4d3 000095dc } [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 97b3193c 98030fad - 42d8b4d3 000095dc } [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc} / 00000000, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = ce7ca2a2 93237318 ... [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 94e20f07 d23269a0 ... [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6034] [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5844] [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x97b3193c 98030fad - 42d8b4d3 000095dc } / 00000000, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4dc00 from freelist [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 97b3193c 98030fad - 42d8b4d3 000095dc } [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc } / 00000000, remote = 1.1.1.1:500 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 97b3193c 98030fad - 42d8b4d3 000095dc } [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc} / 00000000, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 5a4c4bb5 f9717d00 ... [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x97b3193c 98030fad - 0x42d8b4d3 000095dc } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x97b3193c 98030fad - 42d8b4d3 000095dc } / 00000000, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696458 stop timer. timer duration 30, reason 1. [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696458 start timer. timer duration 0, reason 3. [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696458 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696458 delete. curr ref count 1, del flags 0x3 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696458, ref cnt 1, status: Error ok [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc}, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 97b3193c 98030fad - 42d8b4d3 000095dc } [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696458 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] P1 SA 5696458 stop timer. timer duration 0, reason 0. [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696458 (ref cnt 0), waiting_for_del 0x0 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:31:46][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_config_process_sa_cfg Find action on Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 0.0.0.0/0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 0.0.0.0/0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_config_process_sa_cfg action=3 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_sa_cfg_children_sa_free: processing SA Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Found existing config for SA Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 0.0.0.0/0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 0.0.0.0/0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_ipsec_apply_sacfg: Resetting VPN Monitoring parameters [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] sa_cfg = Colo_VPN and gateway = gw_Colo_VPN are linked, sa_cfg local addrss is: 2.2.2.2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] S2S dist_id(0) gw_id(0) copied from gateway to sa_cfg [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_get_primary_addr_by_intf_name:2421 intf_name fe-0/0/0.0, af=inet, addr_len=4 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_get_primary_addr_by_intf_name:2425 ip address = 2.2.2.2 ifam_flags = 0xc0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Got address 2.2.2.2 as prefered address for interface fe-0/0/0.0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_ike_gw_populate_sa_cfg: Found ip address for local interface 2.2.2.2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_config_stage_update_and_activate update_required for sa_cfg = Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_sa_cfg_get_parent_sa_cfg_child_sas_count No parent for sa_cfg Colo_VPN count is 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_deactivate_bind_interface: No more NHTB entries are active for st0.0. Bringing down the interface [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_update_tunnel_interface: update ifl st0.0 status DOWN for sa_cfg Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_is_anchoring_instance sa_dist_id=0, self_dist_id=255 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_stop_vpnm_timer: processing SA Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696459 start timer. timer duration 30, reason 1. [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696459 in peer entry 0xee3e00 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { deb5ef2b 762c2769 - 00000000 00000000 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { deb5ef2b 762c2769 - 00000000 00000000}, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xdeb5ef2b 762c2769 - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { deb5ef2b 762c2769 - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { deb5ef2b 762c2769 - 00000000 00000000 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { deb5ef2b 762c2769 - 00000000 00000000 } -> { ... - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72} / 00000000, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6260] [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xdeb5ef2b 762c2769 - f54adbe1 6da21d72 } / 00000000, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72} / 00000000, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 271ceae4 0af418ef ... [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = d92976c6 1cbf1374 ... [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5784] [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xdeb5ef2b 762c2769 - f54adbe1 6da21d72 } / 00000000, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72} / 00000000, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 4fd04315 f9c134bf ... [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0xdeb5ef2b 762c2769 - 0xf54adbe1 6da21d72 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696459 stop timer. timer duration 30, reason 1. [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696459 start timer. timer duration 0, reason 3. [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Added (spi=0xad0c35c1, protocol=0) entry to the spi table [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Added (spi=0xe299e6ec, protocol=0) entry to the spi table [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72} [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = a2989396 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6087] [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696459 sa-cfg Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xdeb5ef2b 762c2769 - f54adbe1 6da21d72 } / a2989396, nego = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = 00723ec5 1d65fc62 ... [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696459 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696459 delete. curr ref count 2, del flags 0x2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696459, ref cnt 2, status: Error ok [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72} [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = 8498195a [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xdeb5ef2b 762c2769 - f54adbe1 6da21d72 } / 8498195a, nego = 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72}, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { deb5ef2b 762c2769 - f54adbe1 6da21d72 } [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696459 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696459 stop timer. timer duration 0, reason 0. [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] P1 SA 5696459 reference count is not zero (1). Delaying deletion of SA [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696459 (ref cnt 0), waiting_for_del 0xdf93e0 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696459 from peer entry 0xee3e00 [May 24 12:32:08][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3e00 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 52710193 eae11b6f - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 52710193 eae11b6f - 097a8797 d56fef45 } [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696460 start timer. timer duration 30, reason 1. [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] 00000000: 097a 8797 d56f ef45 .z...o.E [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] 00000000: 75d1 dfaf 8ba4 cbee u....... [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee} / 00000000, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x52710193 eae11b6f - 75d1dfaf 8ba4cbee } / 00000000, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4f000 from freelist [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee } [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee } [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee} / 00000000, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = b4837482 31d693ea ... [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 6e954304 c6820750 ... [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6140] [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5329] [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x52710193 eae11b6f - 75d1dfaf 8ba4cbee } / 00000000, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e4f400 from freelist [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee } [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee } [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee} / 00000000, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 4e97965c ce339097 ... [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x52710193 eae11b6f - 0x75d1dfaf 8ba4cbee } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x52710193 eae11b6f - 75d1dfaf 8ba4cbee } / 00000000, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696460 stop timer. timer duration 30, reason 1. [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696460 start timer. timer duration 0, reason 3. [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696460 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696460 delete. curr ref count 1, del flags 0x3 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696460, ref cnt 1, status: Error ok [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee}, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 52710193 eae11b6f - 75d1dfaf 8ba4cbee } [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696460 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] P1 SA 5696460 stop timer. timer duration 0, reason 0. [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696460 (ref cnt 0), waiting_for_del 0x0 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:32:18][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696461 start timer. timer duration 30, reason 1. [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696461 in peer entry 0xee3e00 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { aa94fdfa 7b7f891e - 00000000 00000000 } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { aa94fdfa 7b7f891e - 00000000 00000000}, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xaa94fdfa 7b7f891e - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { aa94fdfa 7b7f891e - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { aa94fdfa 7b7f891e - 00000000 00000000 } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { aa94fdfa 7b7f891e - 00000000 00000000 } -> { ... - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda} / 00000000, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6290] [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xaa94fdfa 7b7f891e - 2f1e185e a0b64dda } / 00000000, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda} / 00000000, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = d56ef6da 4ea6eb51 ... [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = c8a87185 8b248f2e ... [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5480] [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xaa94fdfa 7b7f891e - 2f1e185e a0b64dda } / 00000000, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda} / 00000000, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 0b0d7c88 2624afc0 ... [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0xaa94fdfa 7b7f891e - 0x2f1e185e a0b64dda } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696461 stop timer. timer duration 30, reason 1. [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696461 start timer. timer duration 0, reason 3. [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0x6f7a87dc, protocol=0) entry to the spi table [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0xc39e4abd, protocol=0) entry to the spi table [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda} [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = c73887d1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [5945] [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696461 sa-cfg Colo_VPN [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xaa94fdfa 7b7f891e - 2f1e185e a0b64dda } / c73887d1, nego = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = 494da73e 51441cdb ... [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696461 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696461 delete. curr ref count 2, del flags 0x2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696461, ref cnt 2, status: Error ok [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda} [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = 51fb02dc [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xaa94fdfa 7b7f891e - 2f1e185e a0b64dda } / 51fb02dc, nego = 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda}, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { aa94fdfa 7b7f891e - 2f1e185e a0b64dda } [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696461 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696461 stop timer. timer duration 0, reason 0. [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696461 reference count is not zero (1). Delaying deletion of SA [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696461 (ref cnt 0), waiting_for_del 0xe70a20 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696461 from peer entry 0xee3e00 [May 24 12:32:32][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3e00 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 7fcd0f41 63d420d7 - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 7fcd0f41 63d420d7 - a4ba5bef ff740b4e } [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] P1 SA 5696462 start timer. timer duration 30, reason 1. [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] 00000000: a4ba 5bef ff74 0b4e ..[..t.N [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] 00000000: 706e 327e b90d 9824 pn2~...$ [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824} / 00000000, nego = -1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x7fcd0f41 63d420d7 - 706e327e b90d9824 } / 00000000, nego = -1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e50800 from freelist [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824 } [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824 } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824 } [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824} / 00000000, nego = -1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 42330a83 401dbdc2 ... [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 77f05a24 57a3014b ... [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6176] [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5333] [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x7fcd0f41 63d420d7 - 706e327e b90d9824 } / 00000000, nego = -1 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:32:56][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e50c00 from freelist [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824 } [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824 } / 00000000, remote = 1.1.1.1:500 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824 } [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824} / 00000000, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 4cee5b8f 0db55dff ... [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x7fcd0f41 63d420d7 - 0x706e327e b90d9824 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x7fcd0f41 63d420d7 - 706e327e b90d9824 } / 00000000, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] P1 SA 5696462 stop timer. timer duration 30, reason 1. [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] P1 SA 5696462 start timer. timer duration 0, reason 3. [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] P1 SA 5696462 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696462 delete. curr ref count 1, del flags 0x3 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696462, ref cnt 1, status: Error ok [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824}, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 7fcd0f41 63d420d7 - 706e327e b90d9824 } [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696462 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] P1 SA 5696462 stop timer. timer duration 0, reason 0. [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696462 (ref cnt 0), waiting_for_del 0x0 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:32:57][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696463 start timer. timer duration 30, reason 1. [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696463 in peer entry 0xee3e00 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 8f56e6b2 371203dc - 00000000 00000000 } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { 8f56e6b2 371203dc - 00000000 00000000}, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x8f56e6b2 371203dc - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 8f56e6b2 371203dc - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } / 00000000, remote = 1.1.1.1:500 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { 8f56e6b2 371203dc - 00000000 00000000 } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { 8f56e6b2 371203dc - 00000000 00000000 } -> { ... - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d} / 00000000, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [7307] [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x8f56e6b2 371203dc - 24f6d65a 272fa16d } / 00000000, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } / 00000000, remote = 1.1.1.1:500 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d} / 00000000, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = cfd9efc9 adbf8456 ... [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 87845ffb fc34d914 ... [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5272] [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x8f56e6b2 371203dc - 24f6d65a 272fa16d } / 00000000, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } / 00000000, remote = 1.1.1.1:500 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d} / 00000000, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 0e44fb53 f6f0c7a5 ... [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x8f56e6b2 371203dc - 0x24f6d65a 272fa16d } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696463 stop timer. timer duration 30, reason 1. [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696463 start timer. timer duration 0, reason 3. [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0x2cc5993a, protocol=0) entry to the spi table [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0xc2404726, protocol=0) entry to the spi table [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d} [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = 9730b256 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6307] [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696463 sa-cfg Colo_VPN [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x8f56e6b2 371203dc - 24f6d65a 272fa16d } / 9730b256, nego = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = 31e2f4a2 6fa3665a ... [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696463 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696463 delete. curr ref count 2, del flags 0x2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696463, ref cnt 2, status: Error ok [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d} [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = d5f00b93 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x8f56e6b2 371203dc - 24f6d65a 272fa16d } / d5f00b93, nego = 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d}, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 8f56e6b2 371203dc - 24f6d65a 272fa16d } [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696463 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696463 stop timer. timer duration 0, reason 0. [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696463 reference count is not zero (1). Delaying deletion of SA [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696463 (ref cnt 0), waiting_for_del 0xe709e0 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696463 from peer entry 0xee3e00 [May 24 12:33:32][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3e00 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a3103a14 3f7c0ed9 - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { a3103a14 3f7c0ed9 - e55197f3 0e1145c3 } [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] P1 SA 5696464 start timer. timer duration 30, reason 1. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] 00000000: e551 97f3 0e11 45c3 .Q....E. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] 00000000: 1dc3 fd48 4a81 c28a ...HJ... [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a} / 00000000, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } / 00000000, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e52000 from freelist [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } / 00000000, remote = 1.1.1.1:500 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a} / 00000000, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 7c17098b 6647a65f ... [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 66433117 42f6095c ... [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6262] [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5419] [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } / 00000000, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e52400 from freelist [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } / 00000000, remote = 1.1.1.1:500 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a} / 00000000, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 783a8cb7 5faf272d ... [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0xa3103a14 3f7c0ed9 - 0x1dc3fd48 4a81c28a } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0xa3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } / 00000000, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] P1 SA 5696464 stop timer. timer duration 30, reason 1. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] P1 SA 5696464 start timer. timer duration 0, reason 3. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] P1 SA 5696464 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696464 delete. curr ref count 1, del flags 0x3 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696464, ref cnt 1, status: Error ok [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a}, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { a3103a14 3f7c0ed9 - 1dc3fd48 4a81c28a } [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696464 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] P1 SA 5696464 stop timer. timer duration 0, reason 0. [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696464 (ref cnt 0), waiting_for_del 0x0 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:33:38][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 158fb672 84796273 - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 158fb672 84796273 - 2879a341 e6dfd026 } [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] P1 SA 5696465 start timer. timer duration 30, reason 1. [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] 00000000: 2879 a341 e6df d026 (y.A...& [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] 00000000: 2aca d08f a433 d060 *....3.` [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 158fb672 84796273 - 2acad08f a433d060} / 00000000, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x158fb672 84796273 - 2acad08f a433d060 } / 00000000, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e52c00 from freelist [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 158fb672 84796273 - 2acad08f a433d060 } [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 158fb672 84796273 - 2acad08f a433d060 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 158fb672 84796273 - 2acad08f a433d060 } [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 158fb672 84796273 - 2acad08f a433d060} / 00000000, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 2a11dbaa af347f12 ... [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = d5d40f0c a88c1bd0 ... [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6043] [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5747] [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x158fb672 84796273 - 2acad08f a433d060 } / 00000000, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e53000 from freelist [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 158fb672 84796273 - 2acad08f a433d060 } [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 158fb672 84796273 - 2acad08f a433d060 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 158fb672 84796273 - 2acad08f a433d060 } [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 158fb672 84796273 - 2acad08f a433d060} / 00000000, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 41c8721d 326e28bc ... [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x158fb672 84796273 - 0x2acad08f a433d060 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x158fb672 84796273 - 2acad08f a433d060 } / 00000000, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] P1 SA 5696465 stop timer. timer duration 30, reason 1. [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] P1 SA 5696465 start timer. timer duration 0, reason 3. [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] P1 SA 5696465 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696465 delete. curr ref count 1, del flags 0x3 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696465, ref cnt 1, status: Error ok [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 158fb672 84796273 - 2acad08f a433d060}, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 158fb672 84796273 - 2acad08f a433d060 } [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696465 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] P1 SA 5696465 stop timer. timer duration 0, reason 0. [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696465 (ref cnt 0), waiting_for_del 0x0 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:34:13][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Triggering negotiation for Colo_VPN config block [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: lookup peer entry for gateway gw_Colo_VPN, local_port=500, remote_port=500 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_create_peer_entry: Created peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_fetch_or_create_peer_entry: Create peer entry 0xee3e00 for local 2.2.2.2:500 remote 1.1.1.1:500. gw gw_Colo_VPN, VR id 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_callback: FOUND peer entry for gateway gw_Colo_VPN [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Initiating new P1 SA for gateway gw_Colo_VPN [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696466 start timer. timer duration 30, reason 1. [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Set p2_ed in sa_cfg=Colo_VPN [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_peer_insert_p1sa_entry: Insert p1 sa 5696466 in peer entry 0xee3e00 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_trigger_negotiation Convert traffic selectors from V1 format to V2 format for narrowing/matching selectors [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_spd_notify_request: Sending Initial contact [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] IKE SA fill called for negotiation of local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: Start, remote_name = 1.1.1.1:500, xchg = 2, flags = 00090000 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 59e603e9 839c40e2 - 00000000 00000000 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect: SA = { 59e603e9 839c40e2 - 00000000 00000000}, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation I (1)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_proposal: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA I (3) [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x59e603e9 839c40e2 - 00000000 00000000 } / 00000000, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 144 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 59e603e9 839c40e2 - 00000000 00000000}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Not found SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find_half: Found half SA = { 59e603e9 839c40e2 - 00000000 00000000 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are intiator, first response packet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_upgrade: Start, SA = { 59e603e9 839c40e2 - 00000000 00000000 } -> { ... - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5} / 00000000, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA I (3)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_value: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [5969] [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE I (5) [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x59e603e9 839c40e2 - eb493ee7 6edbe2b5 } / 00000000, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5} / 00000000, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE I (5)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = e044fffd a13aae98 ... [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 2d7dbea7 cc9a628e ... [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5149] [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = ipv4(any:0,[0..3]=2.2.2.2) -> 1.1.1.1:500, id = No Id [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = true [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final I (7) [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x59e603e9 839c40e2 - eb493ee7 6edbe2b5 } / 00000000, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 92 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5} / 00000000, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM final I (7)/-1, exchange = 2, auth_method = pre shared key, Initiator [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = e02c5714 e47d053e ... [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = true, local = false [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x59e603e9 839c40e2 - 0xeb493ee7 6edbe2b5 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Initiator, cipher = 3de [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM done I (9) [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696466 stop timer. timer duration 30, reason 1. [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696466 start timer. timer duration 0, reason 3. [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0x92907bb6, protocol=0) entry to the spi table [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ipsec_spi_allocate: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Added (spi=0x62f4fa5f, protocol=0) entry to the spi table [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5} [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 0, max 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_connect_ipsec: SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_init_qm_negotiation: Start, initiator = 1, message_id = 12b5adfb [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start QM I (14)/-1, exchange = 32, auth_method = phase1, Initiator [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_hash_1: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_sa_proposals: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_nonce: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_qm_nonce_data_len: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ke: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6255] [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_qm_optional_ids: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_qm_optional_id: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Construction NHTB payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 P1 SA index 5696466 sa-cfg Colo_VPN [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Inside iked_get_primary_addr_by_intf_name... AF = 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] No address found for interface st0.0 family inet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_get_interface_primary_ip_by_family:Can Not find family for tunnel interface st0.0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_nhtb_get_tunnel_ip:Can Not get primary IP for tunnel interface st0.0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Could not get local tunnel ip address. Not sending NHTB notify payload for sa-cfg Colo_VPN [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = QM HASH SA I (16) [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x59e603e9 839c40e2 - eb493ee7 6edbe2b5 } / 12b5adfb, nego = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_finalize_qm_hash_1: Hash[0..20] = fe560f33 13fa0c51 ... [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 292 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = 0, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696466 timer expiry. ref cnt 2, timer reason Defer delete timer expired (3), flags 0x30. [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696466 delete. curr ref count 2, del flags 0x2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 5696466, ref cnt 2, status: Error ok [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Start, expire SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5} [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_alloc_negotiation: Found slot 1, max 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Created random message id = b5b7ff15 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_init_info_exchange: Phase 1 done, use HASH and N or D payload [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x59e603e9 839c40e2 - eb493ee7 6edbe2b5 } / b5b7ff15, nego = 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 84 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_expire_callback: Sending notification to 1.1.1.1:500 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = 1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_info: Start, nego = 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5}, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 59e603e9 839c40e2 - eb493ee7 6edbe2b5 } [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_qm: Start, nego = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = 0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 4 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696466 (ref cnt 2) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696466 stop timer. timer duration 0, reason 0. [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] P1 SA 5696466 reference count is not zero (1). Delaying deletion of SA [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696466 (ref cnt 0), waiting_for_del 0xe709c0 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_peer_remove_p1sa_entry: Remove p1 sa 5696466 from peer entry 0xee3e00 [May 24 12:34:32][2.2.2.2 <-> 1.1.1.1] iked_peer_entry_patricia_delete:Peer entry 0xee3e00 deleted for local 2.2.2.2:500 and remote 1.1.1.1:500 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 3c813097 3e1078b1 - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 3c813097 3e1078b1 - 89c67e1f 1d76932f } [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] P1 SA 5696467 start timer. timer duration 30, reason 1. [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] 00000000: 89c6 7e1f 1d76 932f ..~..v./ [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] 00000000: 2ef7 51ad 938d 2f49 ..Q.../I [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49} / 00000000, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x3c813097 3e1078b1 - 2ef751ad 938d2f49 } / 00000000, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e54400 from freelist [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49 } [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49 } [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49} / 00000000, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = c780c039 07265228 ... [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = 29e07cc3 9b5b5305 ... [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6801] [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [6040] [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x3c813097 3e1078b1 - 2ef751ad 938d2f49 } / 00000000, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e54800 from freelist [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49 } [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49 } / 00000000, remote = 1.1.1.1:500 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49 } [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49} / 00000000, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = bc90b5e0 277bc56b ... [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x3c813097 3e1078b1 - 0x2ef751ad 938d2f49 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x3c813097 3e1078b1 - 2ef751ad 938d2f49 } / 00000000, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] P1 SA 5696467 stop timer. timer duration 30, reason 1. [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] P1 SA 5696467 start timer. timer duration 0, reason 3. [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] P1 SA 5696467 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696467 delete. curr ref count 1, del flags 0x3 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696467, ref cnt 1, status: Error ok [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49}, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 3c813097 3e1078b1 - 2ef751ad 938d2f49 } [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696467 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] P1 SA 5696467 stop timer. timer duration 0, reason 0. [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696467 (ref cnt 0), waiting_for_del 0x0 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:34:48][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 31e44277 0f05d8ec - 00000000 00000000 } / 00000000, remote = 1.1.1.1:500 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_get_sa: We are responder and this is initiators first packet [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_sa_allocate: Start, SA = { 31e44277 0f05d8ec - 6fd97a49 ed25f133 } [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_udp_callback_common: New SA [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_init_isakmp_sa: Start, remote = 1.1.1.1:500, initiator = 0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation ee5800 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] P1 SA 5696468 start timer. timer duration 30, reason 1. [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: Original IKE cookie [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] 00000000: 6fd9 7a49 ed25 f133 o.zI.%.3 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ssh_isakmp_update_responder_cookie: New IKE cookie [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] 00000000: 8079 b058 a6ee e566 .y.X...f [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=2.2.2.2:500, remote=1.1.1.1:500 (neg ee5800) [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566} / 00000000, nego = -1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_sa: Found 1 proposals [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_decode_payload_t: Start, # trans = 1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..28] = 9436e8d6 7174ef9a ... [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_vid: VID[0..20] = 48656172 74426561 ... [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] Parsing notification payload for local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Comparing input transform #1 against policy transform #0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 2 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 2 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 3 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 4 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Comparing input attribute 3 against policy attribute 5 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Input attribute 5 is life type/duration, ignoring [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Attributes matched successfully [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_ikev1_attribute_check: Setting life in seconds to 28800 from policy [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Protocols match [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ssh_ikev2_sav1_select: Proposals match [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 2 selected [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_isakmp_sa_reply: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_sa_proposal: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_o_sa_values: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_vendor_ids: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM SA R (4) [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x31e44277 0f05d8ec - 8079b058 a6eee566 } / 00000000, nego = -1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 132 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e55000 from freelist [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 31e44277 0f05d8ec - 8079b058 a6eee566 } [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566 } / 00000000, remote = 1.1.1.1:500 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 31e44277 0f05d8ec - 8079b058 a6eee566 } [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566} / 00000000, nego = -1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_nonce: Start, nonce[0..32] = 1132c4e2 cb359328 ... [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_ke: Ke[0..128] = b4917f09 06ccd038 ... [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_cr: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_o_ke: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_generate_sync: Requested DH group 2 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_generate: Generated DH keys using hardware for DH group 2 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [6225] [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_o_nonce: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_nonce_data_len: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG Colo_VPN by ip address for local:2.2.2.2, remote:1.1.1.1 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_find_pre_shared_key: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_st_o_calc_skeyid: Calculating skeyid [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group type dl-modp [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group size 1024 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_get_group: DH Group 2 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] iked_dh_compute_synch: Requested DH group 2 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] Peer public key has length 128 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [5331] [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_find_pre_shared_key: Find pre shared key key for 2.2.2.2:500, id = No Id -> 1.1.1.1:500, id = No Id [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM KE R (6) [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x31e44277 0f05d8ec - 8079b058 a6eee566 } / 00000000, nego = -1 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 180 [May 24 12:35:21][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ikev2_packet_allocate: Allocated packet e55400 from freelist [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 31e44277 0f05d8ec - 8079b058 a6eee566 } [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_get_sa: Start, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566 } / 00000000, remote = 1.1.1.1:500 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_sa_find: Found SA = { 31e44277 0f05d8ec - 8079b058 a6eee566 } [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Start, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566} / 00000000, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_decode_packet: Decrypting packet [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_i_encrypt: Check that packet was encrypted succeeded [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_i_id: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_i_hash: Start, hash[0..20] = 207df201 7b2f8820 ... [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = false [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_i_cert: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_i_private: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_process_packet: No output packet, returning [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_isakmp_id: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Fallback negotiation ee5800 has still 1 references [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_state_restart_packet: Start, restart packet SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_id: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_hash: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_calc_mac: Start, initiator = false, local = true [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_status_n: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_private: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_policy_reply_private_payload_out: Start [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_encrypt: Marking encryption for packet [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_wait_done: Marking for waiting for done [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_st_o_all_done: MESSAGE: Phase 1 { 0x31e44277 0f05d8ec - 0x8079b058 a6eee566 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_state_step: All done, new state = MM final R (8) [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Start, SA = { 0x31e44277 0f05d8ec - 8079b058 a6eee566 } / 00000000, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Encrypting packet [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_encode_packet: Final length = 68 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_send_packet: Start, send SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1, dst = 1.1.1.1:500, routing table id = 0 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_send_notify: Connected, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_done: local:2.2.2.2, remote:1.1.1.1 IKEv1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] kmd_ipaddr2ikeid: ipaddr = 1.1.1.1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] iked_pm_id_validate id NOT matched. [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] P1 SA 5696468 stop timer. timer duration 30, reason 1. [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] P1 SA 5696468 start timer. timer duration 0, reason 3. [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ikev2_fallback_negotiation_free: Freeing fallback negotiation ee5800 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] P1 SA 5696468 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x230. [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] Initiate IKE P1 SA 5696468 delete. curr ref count 1, del flags 0x3 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] iked_pm_ike_sa_delete_done_cb: For p1 sa index 5696468, ref cnt 1, status: Error ok [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_remove_callback: Start, delete SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_delete_negotiation: Start, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566}, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_sa_delete: Start, SA = { 31e44277 0f05d8ec - 8079b058 a6eee566 } [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation_isakmp: Start, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_free_negotiation: Start, nego = -1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ikev2_fb_isakmp_sa_freed: Received notification from the ISAKMP library that the IKE SA ee1400 is freed [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] IKE SA delete called for p1 sa 5696468 (ref cnt 1) local:2.2.2.2, remote:1.1.1.1, IKEv1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] P1 SA 5696468 stop timer. timer duration 0, reason 0. [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] iked_pm_p1_sa_destroy: p1 sa 5696468 (ref cnt 0), waiting_for_del 0x0 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 1 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_free_id_payload: Start, id type = 2 [May 24 12:35:22][2.2.2.2 <-> 1.1.1.1] ike_free_sa: Start