Hi,
We have been using a Site-to-Site VPN configuration for quite some time now. But since this Monday it won't come up anymore.
We've got an SRX220 with a static WAN-IP and an SRX110 with a dynamic WAN-IP. VPN is created using "local-identity user-at-hostname", and we've never experienced any problems with this.
Below is the config.
SRX110 (dynamic WAN-IP):
[edit security ike]
admin@SRX110# show
policy ike_pol_CLIENT {
    mode aggressive;
    proposal-set standard;
    pre-shared-key ascii-text ""; ## SECRET-DATA
}
gateway gw_CLIENT {
    ike-policy ike_pol_CLIENT;
    address <<SRX220-ADDRESS>>;
    dead-peer-detection;
    local-identity user-at-hostname "vpn@client.nl";
    external-interface fe-0/0/2.0;
}
[edit security ipsec]
admin@SRX110# show
policy ipsec_pol_CLIENT {
    perfect-forward-secrecy {
        keys group2;
    }
    proposal-set standard;
}
vpn CLIENT {
    bind-interface st0.3;
    ike {
        gateway gw_CLIENT;
        ipsec-policy ipsec_pol_CLIENT;
    }
    establish-tunnels immediately;
}
SRX220 (static WAN-IP):
[edit security ike]
admin@SRX220# show
policy ike_pol_CLIENT {
    mode aggressive;
    proposal-set standard;
    pre-shared-key ascii-text ""; ## SECRET-DATA
}
gateway gw_CLIENT {
    ike-policy ike_pol_CLIENT;
    dynamic user-at-hostname "vpn@client.nl";
    local-identity inet <<SRX220-ADDRESS>>;
    external-interface ge-0/0/0.0;
}
[edit security ipsec]
admin@SRX220# show
policy ipsec_pol_CLIENT {
    perfect-forward-secrecy {
        keys group2;
    }
    proposal-set standard;
}
vpn CLIENT {
    bind-interface st0.14;
    ike {
        gateway gw_CLIENT;
        ipsec-policy ipsec_pol_CLIENT;
    }
    establish-tunnels immediately;
}
Below are the traceoptions (flag all).
SRX110 (dynamic WAN-IP):
Oct 14 09:29:08 iked_pm_ike_spd_notify_request: Sending Initial contact
Oct 14 09:29:08 ssh_ike_connect: Start, remote_name = <<SRX220-ADDRESS>>:500, xchg = 4, flags = 00040000
Oct 14 09:29:08 ike_sa_allocate: Start, SA = { 50676703 2418a55a - 00000000 00000000 }
Oct 14 09:29:08 ike_init_isakmp_sa: Start, remote = <<SRX220-ADDRESS>>:500, initiator = 1
Oct 14 09:29:08 <<SRX110-ADDRESS>>:500 (Initiator) <-> <<SRX220-ADDRESS>>:500 { 50676703 2418a55a - 00000000 00000000 [-1] / 0x00000000 } Aggr; Warning: Number of proposals != 1 in ISAKMP SA, this is against draft!
Oct 14 09:29:08 ssh_ike_connect: SA = { 50676703 2418a55a - 00000000 00000000}, nego = -1
Oct 14 09:29:08 ike_st_o_sa_proposal: Start
Oct 14 09:29:08 ike_st_o_ke: Start
Oct 14 09:29:08 ike_st_o_nonce: Start
Oct 14 09:29:08 ike_policy_reply_isakmp_nonce_data_len: Start
Oct 14 09:29:08 ike_st_o_id: Start
Oct 14 09:29:08 ike_policy_reply_isakmp_vendor_ids: Start
Oct 14 09:29:08 ike_st_o_private: Start
Oct 14 09:29:08 ike_policy_reply_private_payload_out: Start
Oct 14 09:29:08 ike_encode_packet: Start, SA = { 0x50676703 2418a55a - 00000000 00000000 } / 00000000, nego = -1
Oct 14 09:29:08 ike_send_packet: Start, send SA = { 50676703 2418a55a - 00000000 00000000}, nego = -1, dst = <<SRX220-ADDRESS>>:500, routing table id = 0
Oct 14 09:29:08 ikev2_packet_allocate: Allocated packet a38000 from freelist
Oct 14 09:29:08 ike_sa_find: Not found SA = { 50676703 2418a55a - bd7521d8 50cb6096 }
Oct 14 09:29:08 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:29:08 ike_get_sa: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096 } / 00000000, remote = <<SRX220-ADDRESS>>:500
Oct 14 09:29:08 ike_sa_find: Not found SA = { 50676703 2418a55a - bd7521d8 50cb6096 }
Oct 14 09:29:08 ike_sa_find_half: Found half SA = { 50676703 2418a55a - 00000000 00000000 }
Oct 14 09:29:08 ike_sa_upgrade: Start, SA = { 50676703 2418a55a - 00000000 00000000 } -> { ... - bd7521d8 50cb6096 }
Oct 14 09:29:08 ike_decode_packet: Start
Oct 14 09:29:08 ike_decode_packet: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096} / 00000000, nego = -1
Oct 14 09:29:08 ike_decode_payload_sa: Start
Oct 14 09:29:08 ike_decode_payload_t: Start, # trans = 1
Oct 14 09:29:08 ike_st_i_sa_value: Start
Oct 14 09:29:08 ike_st_i_nonce: Start, nonce[0..16] = c80e50f7 9761e13f ...
Oct 14 09:29:08 ike_st_i_id: Start
Oct 14 09:29:08 ike_st_i_ke: Ke[0..128] = 4313e71e 1fc6e7b7 ...
Oct 14 09:29:08 ike_st_i_hash: Start, hash[0..20] = cf7f5a21 e59a31a5 ...
Oct 14 09:29:08 ike_calc_mac: Start, initiator = true, local = false
Oct 14 09:29:08 ike_find_pre_shared_key: Find pre shared key key for <<SRX110-ADDRESS>>:500, id = usr@fqdn(any:0,[0..14]=vpn@grift-it.nl) -> <<SRX220-ADDRESS>>:500, id = ipv4(any:0,[0..3]=<<SRX220-ADDRESS>>)
Oct 14 09:29:08 ike_policy_reply_find_pre_shared_key: Start
Oct 14 09:29:08 ike_st_i_cert: Start
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ...
Oct 14 09:29:08 ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ...
Oct 14 09:29:08 ike_st_i_private: Start
Oct 14 09:29:08 ike_st_o_hash: Start
Oct 14 09:29:08 ike_calc_mac: Start, initiator = true, local = true
Oct 14 09:29:08 ike_st_o_status_n: Start
Oct 14 09:29:08 ike_st_o_private: Start
Oct 14 09:29:08 ike_policy_reply_private_payload_out: Start
Oct 14 09:29:08 ike_policy_reply_private_payload_out: Start
Oct 14 09:29:08 ike_policy_reply_private_payload_out: Start
Oct 14 09:29:08 ike_st_o_optional_encrypt: Marking encryption for packet
Oct 14 09:29:08 ike_st_o_wait_done: Marking for waiting for done
Oct 14 09:29:08 ike_st_o_all_done: MESSAGE: Phase 1 { 0x50676703 2418a55a - 0xbd7521d8 50cb6096 } / 00000000, version = 1.0, xchg = Aggressive, auth_method = Pre shared keys, Initiator, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec, key len = 0
Oct 14 09:29:08 <<SRX110-ADDRESS>>:500 (Initiator) <-> <<SRX220-ADDRESS>>:500 { 50676703 2418a55a - bd7521d8 50cb6096 [-1] / 0x00000000 } Aggr; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec,
Oct 14 09:29:08 ike_encode_packet: Start, SA = { 0x50676703 2418a55a - bd7521d8 50cb6096 } / 00000000, nego = -1
Oct 14 09:29:08 ike_send_packet: Start, send SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = -1, dst = <<SRX220-ADDRESS>>:500, routing table id = 0
Oct 14 09:29:08 ike_send_notify: Connected, SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = -1
Oct 14 09:29:08 iked_pm_ike_sa_done: local:<<SRX110-ADDRESS>>, remote:<<SRX220-ADDRESS>> IKEv1
Oct 14 09:29:08 IKE negotiation done for local:<<SRX110-ADDRESS>>, remote:<<SRX220-ADDRESS>> IKEv1 with status: Error ok
Oct 14 09:29:08 Added (spi=0x390ed5a3, protocol=0) entry to the spi table
Oct 14 09:29:08 Added (spi=0x9e7e8f5d, protocol=0) entry to the spi table
Oct 14 09:29:08 ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000
Oct 14 09:29:08 ike_sa_find_ip_port: Remote = all:500, Found SA = { 50676703 2418a55a - bd7521d8 50cb6096}
Oct 14 09:29:08 ike_alloc_negotiation: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096}
Oct 14 09:29:08 ssh_ike_connect_ipsec: SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = 0
Oct 14 09:29:08 ike_init_qm_negotiation: Start, initiator = 1, message_id = 52a938bd
Oct 14 09:29:08 ike_st_o_qm_hash_1: Start
Oct 14 09:29:08 ike_st_o_qm_sa_proposals: Start
Oct 14 09:29:08 ike_st_o_qm_nonce: Start
Oct 14 09:29:08 ike_policy_reply_qm_nonce_data_len: Start
Oct 14 09:29:08 ike_st_o_qm_optional_ke: Start
Oct 14 09:29:08 ike_st_o_qm_optional_ids: Start
Oct 14 09:29:08 ike_st_qm_optional_id: Start
Oct 14 09:29:08 ike_st_qm_optional_id: Start
Oct 14 09:29:08 ike_st_o_private: Start
Oct 14 09:29:08 Construction NHTB payload for local:<<SRX110-ADDRESS>>, remote:<<SRX220-ADDRESS>> IKEv1 P1 SA index 4570866 sa-cfg CLIENT
Oct 14 09:29:08 ike_policy_reply_private_payload_out: Start
Oct 14 09:29:08 ike_policy_reply_private_payload_out: Start
Oct 14 09:29:08 ike_st_o_encrypt: Marking encryption for packet
Oct 14 09:29:08 ike_encode_packet: Start, SA = { 0x50676703 2418a55a - bd7521d8 50cb6096 } / 52a938bd, nego = 0
Oct 14 09:29:08 ike_finalize_qm_hash_1: Hash[0..20] = d81b2b32 97d45670 ...
Oct 14 09:29:08 ike_send_packet: Start, send SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = 0, dst = <<SRX220-ADDRESS>>:500, routing table id = 0
Oct 14 09:29:08 ikev2_packet_allocate: Allocated packet a38400 from freelist
Oct 14 09:29:08 ike_sa_find: Found SA = { 50676703 2418a55a - bd7521d8 50cb6096 }
Oct 14 09:29:08 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:29:08 ike_get_sa: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096 } / 499eb11f, remote = <<SRX220-ADDRESS>>:500
Oct 14 09:29:08 ike_sa_find: Found SA = { 50676703 2418a55a - bd7521d8 50cb6096 }
Oct 14 09:29:08 ike_st_o_done: ISAKMP SA negotiation done
Oct 14 09:29:08 ike_send_notify: Connected, SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = -1
Oct 14 09:29:08 ike_free_negotiation_isakmp: Start, nego = -1
Oct 14 09:29:08 ike_free_negotiation: Start, nego = -1
Oct 14 09:29:08 ike_alloc_negotiation: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096}
Oct 14 09:29:08 ike_decode_packet: Start
Oct 14 09:29:08 ike_decode_packet: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096} / 499eb11f, nego = 1
Oct 14 09:29:08 ike_st_i_encrypt: Check that packet was encrypted succeeded
Oct 14 09:29:08 ike_st_i_gen_hash: Start, hash[0..20] = 983f6c86 079464c1 ...
Oct 14 09:29:08 ike_st_i_d: Start, doi = 1, protocol = 1, spis[0..1][0..16] = [50676703 2418a55a ...]
Oct 14 09:29:08 ike_sa_find: Found SA = { 50676703 2418a55a - bd7521d8 50cb6096 }
Oct 14 09:29:08 <none>:500 (Responder) <-> <<SRX220-ADDRESS>>:500 { 50676703 2418a55a - bd7521d8 50cb6096 [1] / 0x499eb11f } Info; delete spi[16] = 0x50676703 2418a55a bd7521d8 50cb6096
Oct 14 09:29:08 ike_st_i_private: Start
Oct 14 09:29:08 ike_send_notify: Connected, SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = 1
Oct 14 09:29:08 ike_delete_negotiation: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = 1
Oct 14 09:29:08 ike_free_negotiation_info: Start, nego = 1
Oct 14 09:29:08 ike_free_negotiation: Start, nego = 1
Oct 14 09:29:08 ike_remove_callback: Start, delete SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = -1
Oct 14 09:29:08 ike_delete_negotiation: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096}, nego = -1
Oct 14 09:29:08 ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table
Oct 14 09:29:08 ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table
Oct 14 09:29:08 ike_sa_delete: Start, SA = { 50676703 2418a55a - bd7521d8 50cb6096 }
Oct 14 09:29:08 ike_free_negotiation_qm: Start, nego = 0
Oct 14 09:29:08 ike_free_negotiation: Start, nego = 0
Oct 14 09:29:08 ike_free_id_payload: Start, id type = 4
Oct 14 09:29:08 ike_free_id_payload: Start, id type = 4
Oct 14 09:29:08 ike_free_negotiation_isakmp: Start, nego = -1
Oct 14 09:29:08 ike_free_negotiation: Start, nego = -1
Oct 14 09:29:08 IKE SA delete called for p1 sa 4570866 (ref cnt 2) local:<<SRX110-ADDRESS>>, remote:<<SRX220-ADDRESS>>, IKEv1
Oct 14 09:29:08 P1 SA 4570866 reference count is not zero (1). Delaying deletion of SA
Oct 14 09:29:08 ike_free_id_payload: Start, id type = 3
Oct 14 09:29:08 ike_free_id_payload: Start, id type = 1
Oct 14 09:29:08 ike_free_sa: Start
Oct 14 09:29:08 iked_pm_p1_sa_destroy: p1 sa 4570866 (ref cnt 0), waiting_for_del 0xa822c0
Oct 14 09:29:08 iked_deferred_free_inactive_peer_entry: Free 1 peer_entry(s)
SRX220 (static WAN-IP - used for multiple VPN connections):
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0x9e6800)
Oct 14 09:39:02 iked_pm_dpd_timer_callback: No dpd for gateway(0xa0d400)
Oct 14 09:39:03 DPD -> TTL decrement 2 (no-response) for remote peer <<UNIMPORTANT-ADDRESS-1>>
Oct 14 09:39:03 ssh_ike_connect_notify: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:03 ike_sa_find_ip_port: Remote = all:500, Found SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:03 ike_alloc_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:03 ssh_ike_connect_notify: SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:03 ike_encode_packet: Start, SA = { 0x34344b02 c8b86d37 - 959df49d 4ae49a3b } / 24e2c3dc, nego = 0
Oct 14 09:39:03 ike_send_packet: Start, send SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-1>>:500, routing table id = 0
Oct 14 09:39:03 ike_delete_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:03 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:03 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:04 ikev2_packet_allocate: Allocated packet a3a000 from freelist
Oct 14 09:39:04 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:39:04 ike_get_sa: Start, SA = { d4014a00 57304730 - 00000000 00000000 } / 00000000, remote = <<SRX110-ADDRESS>>:500
Oct 14 09:39:04 ike_sa_allocate: Start, SA = { d4014a00 57304730 - 510e6cba f07390c6 }
Oct 14 09:39:04 ike_init_isakmp_sa: Start, remote = <<SRX110-ADDRESS>>:500, initiator = 0
Oct 14 09:39:04 ike_decode_packet: Start
Oct 14 09:39:05 ike_decode_packet: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f} / 00000000, nego = -1
Oct 14 09:39:05 ike_decode_payload_sa: Start
Oct 14 09:39:05 ike_decode_payload_t: Start, # trans = 1
Oct 14 09:39:05 ike_decode_payload_t: Start, # trans = 1
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ...
Oct 14 09:39:05 ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ...
Oct 14 09:39:05 ike_st_i_id: Start
Oct 14 09:39:05 ike_st_i_sa_proposal: Start
Oct 14 09:39:05 ike_free_id_payload: Start, id type = 3
Oct 14 09:39:05 ike_isakmp_sa_reply: Start
Oct 14 09:39:05 ike_state_restart_packet: Start, restart packet SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1
Oct 14 09:39:05 ike_st_i_sa_proposal: Start
Oct 14 09:39:05 ike_st_i_nonce: Start, nonce[0..16] = 1b1dcc27 0190c802 ...
Oct 14 09:39:05 ike_st_i_cert: Start
Oct 14 09:39:05 ike_st_i_hash_key: Start, no key_hash
Oct 14 09:39:05 ike_st_i_ke: Ke[0..128] = 84d54559 0cfbd22b ...
Oct 14 09:39:05 ike_st_i_cr: Start
Oct 14 09:39:05 ike_st_i_private: Start
Oct 14 09:39:05 ike_st_o_sa_values: Start
Oct 14 09:39:05 ike_st_o_ke: Start
Oct 14 09:39:05 ike_st_o_nonce: Start
Oct 14 09:39:05 ike_policy_reply_isakmp_nonce_data_len: Start
Oct 14 09:39:05 ike_st_o_id: Start
Oct 14 09:39:05 ike_policy_reply_isakmp_id: Start
Oct 14 09:39:05 ike_state_restart_packet: Start, restart packet SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1
Oct 14 09:39:05 ike_st_o_id: Start
Oct 14 09:39:05 ike_st_o_certs_base: Start
Oct 14 09:39:05 ike_st_o_sig_or_hash: Start, auth_method = 4
Oct 14 09:39:05 ike_st_o_hash: Start
Oct 14 09:39:05 ike_find_pre_shared_key: Find pre shared key key for <<SRX220-ADDRESS>>:500, id = ipv4(any:0,[0..3]=<<SRX220-ADDRESS>>) -> <<SRX110-ADDRESS>>:500, id = usr@fqdn(any:0,[0..14]=vpn@client.nl)
Oct 14 09:39:05 ike_policy_reply_find_pre_shared_key: Start
Oct 14 09:39:05 ike_state_restart_packet: Start, restart packet SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1
Oct 14 09:39:05 ike_st_o_sig_or_hash: Start, auth_method = 4
Oct 14 09:39:05 ike_st_o_hash: Start
Oct 14 09:39:05 ike_find_pre_shared_key: Find pre shared key key for <<SRX220-ADDRESS>>:500, id = ipv4(any:0,[0..3]=<<SRX220-ADDRESS>>) -> <<SRX110-ADDRESS>>:500, id = usr@fqdn(any:0,[0..14]=vpn@client.nl)
Oct 14 09:39:05 ike_calc_mac: Start, initiator = false, local = true
Oct 14 09:39:05 ike_policy_reply_isakmp_vendor_ids: Start
Oct 14 09:39:05 ike_st_o_status_n: Start
Oct 14 09:39:05 ike_st_o_private: Start
Oct 14 09:39:05 ike_policy_reply_private_payload_out: Start
Oct 14 09:39:05 ike_policy_reply_private_payload_out: Start
Oct 14 09:39:05 ike_policy_reply_private_payload_out: Start
Oct 14 09:39:05 ike_st_o_calc_skeyid: Calculating skeyid
Oct 14 09:39:05 ike_encode_packet: Start, SA = { 0xd4014a00 57304730 - 7dd0f8dd 1d98ad6f } / 00000000, nego = -1
Oct 14 09:39:05 ike_send_packet: Start, send SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1, dst = <<SRX110-ADDRESS>>:500, routing table id = 0
Oct 14 09:39:05 ikev2_packet_allocate: Allocated packet a52000 from freelist
Oct 14 09:39:05 ikev2_packet_allocate: Allocated packet a3f000 from freelist
Oct 14 09:39:05 ike_sa_find: Found SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f }
Oct 14 09:39:05 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:39:05 ike_get_sa: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f } / f90e8bd9, remote = <<SRX110-ADDRESS>>:500
Oct 14 09:39:05 ike_sa_find: Found SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f }
Oct 14 09:39:05 unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown; Cannot start new phase 2 negotiation, because phase 1 still in progress
Oct 14 09:39:05 ike_sa_find: Found SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f }
Oct 14 09:39:05 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:39:05 ike_get_sa: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f } / 00000000, remote = <<SRX110-ADDRESS>>:500
Oct 14 09:39:05 ike_sa_find: Found SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f }
Oct 14 09:39:05 ike_decode_packet: Start
Oct 14 09:39:05 ike_decode_packet: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f} / 00000000, nego = -1
Oct 14 09:39:05 ike_st_i_hash: Start, hash[0..20] = 8f12be4f 080d0ba0 ...
Oct 14 09:39:05 ike_calc_mac: Start, initiator = false, local = false
Oct 14 09:39:05 ike_st_i_cert: Start
Oct 14 09:39:05 ike_st_i_private: Start
Oct 14 09:39:05 ike_st_o_wait_done: Marking for waiting for done
Oct 14 09:39:05 ike_st_o_all_done: MESSAGE: Phase 1 { 0xd4014a00 57304730 - 0x7dd0f8dd 1d98ad6f } / 00000000, version = 1.0, xchg = Aggressive, auth_method = Pre shared keys, Responder, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec, key len = 0
Oct 14 09:39:05 <<SRX220-ADDRESS>>:500 (Responder) <-> <<SRX110-ADDRESS>>:500 { d4014a00 57304730 - 7dd0f8dd 1d98ad6f [-1] / 0x00000000 } Aggr; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life = 0 kB / 28800 sec,
Oct 14 09:39:05 ike_send_notify: Connected, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1
Oct 14 09:39:05 iked_pm_ike_sa_done: local:<<SRX220-ADDRESS>>, remote:<<SRX110-ADDRESS>> IKEv1
Oct 14 09:39:05 IKE negotiation done for local:<<SRX220-ADDRESS>>, remote:<<SRX110-ADDRESS>> IKEv1 with status: Error ok
Oct 14 09:39:05 iked_fetch_or_create_peer_entry: Gateways gw_CLIENT2 and gw_CLIENT for local <<SRX220-ADDRESS>>:1f4 and remote <<SRX110-ADDRESS>>:1f4. peer_entry creation failed
Oct 14 09:39:05 Failed to create peer_entry for local:<<SRX220-ADDRESS>>:500, remote:<<SRX110-ADDRESS>>:500 in ike sa done
Oct 14 09:39:05 P1 SA 7916729 timer expiry. ref cnt 1, timer reason Defer delete timer expired (3), flags 0x330.
Oct 14 09:39:05 iked_pm_ike_sa_delete_notify_done_cb: For p1 sa index 7916729, ref cnt 1, status: Error ok
Oct 14 09:39:05 ike_expire_callback: Start, expire SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1
Oct 14 09:39:05 ike_alloc_negotiation: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}
Oct 14 09:39:05 ike_encode_packet: Start, SA = { 0xd4014a00 57304730 - 7dd0f8dd 1d98ad6f } / ae5e6e58, nego = 0
Oct 14 09:39:05 ike_send_packet: Start, send SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = 0, dst = <<SRX110-ADDRESS>>:500, routing table id = 0
Oct 14 09:39:05 ike_delete_negotiation: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = 0
Oct 14 09:39:05 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:05 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:05 ike_remove_callback: Start, delete SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1
Oct 14 09:39:05 ike_delete_negotiation: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f}, nego = -1
Oct 14 09:39:05 ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table
Oct 14 09:39:05 ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table
Oct 14 09:39:05 ike_sa_delete: Start, SA = { d4014a00 57304730 - 7dd0f8dd 1d98ad6f }
Oct 14 09:39:05 ike_free_negotiation_isakmp: Start, nego = -1
Oct 14 09:39:05 ike_free_negotiation: Start, nego = -1
Oct 14 09:39:05 IKE SA delete called for p1 sa 7916729 (ref cnt 1) local:<<SRX220-ADDRESS>>, remote:<<SRX110-ADDRESS>>, IKEv1
Oct 14 09:39:05 iked_pm_p1_sa_destroy: p1 sa 7916729 (ref cnt 0), waiting_for_del 0x0
Oct 14 09:39:05 ike_free_id_payload: Start, id type = 1
Oct 14 09:39:05 ike_free_id_payload: Start, id type = 3
Oct 14 09:39:05 ike_free_sa: Start
Oct 14 09:39:13 DPD -> TTL decrement 1 (no-response) for remote peer <<UNIMPORTANT-ADDRESS-1>>
Oct 14 09:39:13 ssh_ike_connect_notify: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:13 ike_sa_find_ip_port: Remote = all:500, Found SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:13 ike_alloc_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:13 ssh_ike_connect_notify: SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:13 ike_encode_packet: Start, SA = { 0x34344b02 c8b86d37 - 959df49d 4ae49a3b } / 1a6fd09e, nego = 0
Oct 14 09:39:13 ike_send_packet: Start, send SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-1>>:500, routing table id = 0
Oct 14 09:39:13 ike_delete_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:13 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:13 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:20 Deleted (spi=0xbde070a2, protocol=ESP dst=<<SRX220-ADDRESS>>) entry from the peer hash table. Reason: vpn monitoring
Oct 14 09:39:20 ssh_ike_connect_delete: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:20 ssh_ike_create_delete_internal: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:20 ike_sa_find_ip_port: Remote = all:500, Found SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:20 ike_alloc_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:20 ssh_ike_create_delete_internal: SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:20 ike_encode_packet: Start, SA = { 0x34344b02 c8b86d37 - 959df49d 4ae49a3b } / 98d215f3, nego = 0
Oct 14 09:39:20 ike_send_packet: Start, send SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-1>>:500, routing table id = 0
Oct 14 09:39:20 ike_delete_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:20 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:20 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:20 NHTB entry not found. Not deleting NHTB entry
Oct 14 09:39:20 In iked_ipsec_sa_pair_delete Deleting GENCFG msg with key; Tunnel = 131074;SPI-In = 0xbde070a2
Oct 14 09:39:20 Deleted SA pair for tunnel = 131074 with SPI-In = 0xbde070a2 to kernel
Oct 14 09:39:20 Deleted (spi=0xbde070a2, protocol=ESP) entry from the inbound sa spi hash table
Oct 14 09:39:20 Deleted (spi=0x7c8e344e, protocol=ESP dst=<<UNIMPORTANT-ADDRESS-1>>) entry from the peer hash table. Reason: vpn monitoring
Oct 14 09:39:20 Deleted (spi=0xea0cbc1e, protocol=ESP dst=<<SRX220-ADDRESS>>) entry from the peer hash table. Reason: vpn monitoring
Oct 14 09:39:20 ssh_ike_connect_delete: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:20 ssh_ike_create_delete_internal: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:20 ike_sa_find_ip_port: Remote = all:500, Found SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:20 ike_alloc_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:20 ssh_ike_create_delete_internal: SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:20 ike_encode_packet: Start, SA = { 0x34344b02 c8b86d37 - 959df49d 4ae49a3b } / fa2d52fb, nego = 0
Oct 14 09:39:20 ike_send_packet: Start, send SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-1>>:500, routing table id = 0
Oct 14 09:39:20 ike_delete_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:20 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:20 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:20 NHTB entry not found. Not deleting NHTB entry
Oct 14 09:39:20 In iked_ipsec_sa_pair_delete Deleting GENCFG msg with key; Tunnel = 131074;SPI-In = 0xea0cbc1e
Oct 14 09:39:20 Deleted SA pair for tunnel = 131074 with SPI-In = 0xea0cbc1e to kernel
Oct 14 09:39:20 Deleted (spi=0xea0cbc1e, protocol=ESP) entry from the inbound sa spi hash table
Oct 14 09:39:20 Deleted (spi=0x5071791, protocol=ESP dst=<<UNIMPORTANT-ADDRESS-1>>) entry from the peer hash table. Reason: vpn monitoring
Oct 14 09:39:28 ssh_ike_connect_notify: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:28 ike_sa_find_ip_port: Remote = all:500, Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:28 ike_alloc_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:28 ssh_ike_connect_notify: SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:28 ike_encode_packet: Start, SA = { 0xcefce836 dcac4187 - 2dcdb441 0754f0fa } / 1936bc5a, nego = 0
Oct 14 09:39:28 ike_send_packet: Start, send SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-2>>:500, routing table id = 0
Oct 14 09:39:28 ike_delete_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:28 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:28 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:28 ikev2_packet_allocate: Allocated packet a3b000 from freelist
Oct 14 09:39:28 ike_sa_find: Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa }
Oct 14 09:39:28 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:39:28 ike_get_sa: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa } / 293a999c, remote = <<UNIMPORTANT-ADDRESS-2>>:500
Oct 14 09:39:28 ike_sa_find: Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa }
Oct 14 09:39:28 ike_alloc_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:28 ike_decode_packet: Start
Oct 14 09:39:28 ike_decode_packet: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa} / 293a999c, nego = 0
Oct 14 09:39:28 ike_st_i_encrypt: Check that packet was encrypted succeeded
Oct 14 09:39:28 ike_st_i_gen_hash: Start, hash[0..20] = 6a0ee59c 6dae8dc0 ...
Oct 14 09:39:28 ike_st_i_n: Start, doi = 1, protocol = 1, code = DPD I Am Here (36137), spi[0..16] = cefce836 dcac4187 ..., data[0..4] = df63cfc8 00000000 ...
Oct 14 09:39:28 Received authenticated notification payload unknown from local:<<SRX220-ADDRESS>> remote:<<UNIMPORTANT-ADDRESS-2>> IKEv1 for P1 SA 7916722
Oct 14 09:39:28 iked_pm_process_dpd_ack: Received IKE DPD R_U_THERE_ACK from IKE local:<<SRX220-ADDRESS>> peer:<<UNIMPORTANT-ADDRESS-2>> index 7916722 sequence number 3747860424
Oct 14 09:39:28 ike_st_i_private: Start
Oct 14 09:39:28 ike_send_notify: Connected, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:28 ike_delete_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:28 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:28 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:30 Added (spi=0xf7791105, protocol=0) entry to the spi table
Oct 14 09:39:30 Added (spi=0x8c1f46f6, protocol=0) entry to the spi table
Oct 14 09:39:30 ssh_ike_connect_ipsec: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:30 ike_sa_find_ip_port: Remote = all:500, Found SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:30 ike_alloc_negotiation: Start, SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}
Oct 14 09:39:30 ssh_ike_connect_ipsec: SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:30 ike_init_qm_negotiation: Start, initiator = 1, message_id = 2b9a99b2
Oct 14 09:39:30 ike_st_o_qm_hash_1: Start
Oct 14 09:39:30 ike_st_o_qm_sa_proposals: Start
Oct 14 09:39:30 ike_st_o_qm_nonce: Start
Oct 14 09:39:30 ike_policy_reply_qm_nonce_data_len: Start
Oct 14 09:39:30 ike_st_o_qm_optional_ke: Start
Oct 14 09:39:30 ike_st_o_qm_optional_ids: Start
Oct 14 09:39:30 ike_st_qm_optional_id: Start
Oct 14 09:39:30 ike_st_qm_optional_id: Start
Oct 14 09:39:30 ike_st_o_private: Start
Oct 14 09:39:30 Construction NHTB payload for local:<<SRX220-ADDRESS>>, remote:<<UNIMPORTANT-ADDRESS-1>> IKEv1 P1 SA index 7916648 sa-cfg <<CLIENT-2>>
Oct 14 09:39:30 ike_policy_reply_private_payload_out: Start
Oct 14 09:39:30 ike_policy_reply_private_payload_out: Start
Oct 14 09:39:30 ike_st_o_encrypt: Marking encryption for packet
Oct 14 09:39:30 ike_encode_packet: Start, SA = { 0x34344b02 c8b86d37 - 959df49d 4ae49a3b } / 2b9a99b2, nego = 0
Oct 14 09:39:30 ike_finalize_qm_hash_1: Hash[0..20] = 9fcde136 2c4f67b9 ...
Oct 14 09:39:30 ike_send_packet: Start, send SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-1>>:500, routing table id = 0
Oct 14 09:39:35 ike_retransmit_callback: Start, retransmit SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:35 ike_send_packet: Start, retransmit previous packet SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-1>>:500 routing table id = 0
Oct 14 09:39:38 ssh_ike_connect_notify: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:38 ike_sa_find_ip_port: Remote = all:500, Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:38 ike_alloc_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:38 ssh_ike_connect_notify: SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:38 ike_encode_packet: Start, SA = { 0xcefce836 dcac4187 - 2dcdb441 0754f0fa } / 78ea93bf, nego = 0
Oct 14 09:39:38 ike_send_packet: Start, send SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-2>>:500, routing table id = 0
Oct 14 09:39:38 ike_delete_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:38 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:38 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:38 ikev2_packet_allocate: Allocated packet a3cc00 from freelist
Oct 14 09:39:38 ike_sa_find: Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa }
Oct 14 09:39:38 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:39:38 ike_get_sa: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa } / 4d193055, remote = <<UNIMPORTANT-ADDRESS-2>>:500
Oct 14 09:39:38 ike_sa_find: Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa }
Oct 14 09:39:38 ike_alloc_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:38 ike_decode_packet: Start
Oct 14 09:39:38 ike_decode_packet: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa} / 4d193055, nego = 0
Oct 14 09:39:38 ike_st_i_encrypt: Check that packet was encrypted succeeded
Oct 14 09:39:38 ike_st_i_gen_hash: Start, hash[0..20] = eaeef317 8eccf742 ...
Oct 14 09:39:38 ike_st_i_n: Start, doi = 1, protocol = 1, code = DPD I Am Here (36137), spi[0..16] = cefce836 dcac4187 ..., data[0..4] = df63cfc9 00000000 ...
Oct 14 09:39:38 Received authenticated notification payload unknown from local:<<SRX220-ADDRESS>> remote:<<UNIMPORTANT-ADDRESS-2>> IKEv1 for P1 SA 7916722
Oct 14 09:39:38 iked_pm_process_dpd_ack: Received IKE DPD R_U_THERE_ACK from IKE local:<<SRX220-ADDRESS>> peer:<<UNIMPORTANT-ADDRESS-2>> index 7916722 sequence number 3747860425
Oct 14 09:39:38 ike_st_i_private: Start
Oct 14 09:39:38 ike_send_notify: Connected, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:38 ike_delete_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:38 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:38 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:45 ike_retransmit_callback: Start, retransmit SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:45 ike_send_packet: Start, retransmit previous packet SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-1>>:500 routing table id = 0
Oct 14 09:39:48 ssh_ike_connect_notify: Start, remote_name = :500, flags = 00010000
Oct 14 09:39:48 ike_sa_find_ip_port: Remote = all:500, Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:48 ike_alloc_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:48 ssh_ike_connect_notify: SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:48 ike_encode_packet: Start, SA = { 0xcefce836 dcac4187 - 2dcdb441 0754f0fa } / c5f2c21b, nego = 0
Oct 14 09:39:48 ike_send_packet: Start, send SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0, dst = <<UNIMPORTANT-ADDRESS-2>>:500, routing table id = 0
Oct 14 09:39:48 ike_delete_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:48 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:48 ike_free_negotiation: Start, nego = 0
Oct 14 09:39:48 ikev2_packet_allocate: Allocated packet a3b800 from freelist
Oct 14 09:39:48 ike_sa_find: Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa }
Oct 14 09:39:48 ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
Oct 14 09:39:48 ike_get_sa: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa } / 8f27051a, remote = <<UNIMPORTANT-ADDRESS-2>>:500
Oct 14 09:39:48 ike_sa_find: Found SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa }
Oct 14 09:39:48 ike_alloc_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}
Oct 14 09:39:48 ike_decode_packet: Start
Oct 14 09:39:48 ike_decode_packet: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa} / 8f27051a, nego = 0
Oct 14 09:39:48 ike_st_i_encrypt: Check that packet was encrypted succeeded
Oct 14 09:39:48 ike_st_i_gen_hash: Start, hash[0..20] = fd0ba4d5 f1374c9d ...
Oct 14 09:39:48 ike_st_i_n: Start, doi = 1, protocol = 1, code = DPD I Am Here (36137), spi[0..16] = cefce836 dcac4187 ..., data[0..4] = df63cfca 00000000 ...
Oct 14 09:39:48 Received authenticated notification payload unknown from local:<<SRX220-ADDRESS>> remote:<<UNIMPORTANT-ADDRESS-2>> IKEv1 for P1 SA 7916722
Oct 14 09:39:48 iked_pm_process_dpd_ack: Received IKE DPD R_U_THERE_ACK from IKE local:<<SRX220-ADDRESS>> peer:<<UNIMPORTANT-ADDRESS-2>> index 7916722 sequence number 3747860426
Oct 14 09:39:48 ike_st_i_private: Start
Oct 14 09:39:48 ike_send_notify: Connected, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:48 ike_delete_negotiation: Start, SA = { cefce836 dcac4187 - 2dcdb441 0754f0fa}, nego = 0
Oct 14 09:39:48 ike_free_negotiation_info: Start, nego = 0
Oct 14 09:39:48 ike_free_negotiation: Start, nego = 0
On the SRX110, I noticed:
Oct 14 09:29:08 <<SRX110-ADDRESS>>:500 (Initiator) <-> <<SRX220-ADDRESS>>:500 { 50676703 2418a55a - 00000000 00000000 [-1] / 0x00000000 } Aggr; Warning: Number of proposals != 1 in ISAKMP SA, this is against draft!
On the SRX220, I noticed:
Oct 14 09:39:05 unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown; Cannot start new phase 2 negotiation, because phase 1 still in progress
Oct 14 09:39:05 iked_fetch_or_create_peer_entry: Gateways gw_CLIENT2 and gw_CLIENT for local <<SRX220-ADDRESS>>:1f4 and remote <<SRX110-ADDRESS>>:1f4. peer_entry creation failed
However, I don't know where to look or what to test anymore. Also, checking with "show security ike security-associations" returns nothing.
Can someone please help me? 🙂
With kind regards
#user-at-hostname #ike #dynamicwan-ip #site-to-site #SRX110 #SRX220 #vpn #IPSec
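Added example, not part of the original post: a small Python triage for iked traceoptions output like the traces above. It counts retransmits per IKE SA cookie pair, lists peers that answered DPD, and pulls out the gateway-clash and "Cannot start new phase 2 negotiation" lines the post singles out. The sample lines are copied from the post; the function name `triage` and the summary layout are assumptions.

```python
import re
from collections import Counter

# Sample input: lines copied from the SRX220 trace in this post (placeholders as posted).
SAMPLE = """\
Oct 14 09:39:05 unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown; Cannot start new phase 2 negotiation, because phase 1 still in progress
Oct 14 09:39:05 iked_fetch_or_create_peer_entry: Gateways gw_CLIENT2 and gw_CLIENT for local <<SRX220-ADDRESS>>:1f4 and remote <<SRX110-ADDRESS>>:1f4. peer_entry creation failed
Oct 14 09:39:35 ike_retransmit_callback: Start, retransmit SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:38 iked_pm_process_dpd_ack: Received IKE DPD R_U_THERE_ACK from IKE local:<<SRX220-ADDRESS>> peer:<<UNIMPORTANT-ADDRESS-2>> index 7916722 sequence number 3747860425
Oct 14 09:39:45 ike_retransmit_callback: Start, retransmit SA = { 34344b02 c8b86d37 - 959df49d 4ae49a3b}, nego = 0
Oct 14 09:39:48 iked_pm_process_dpd_ack: Received IKE DPD R_U_THERE_ACK from IKE local:<<SRX220-ADDRESS>> peer:<<UNIMPORTANT-ADDRESS-2>> index 7916722 sequence number 3747860426
"""

TS = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")
# Initiator and responder cookies; some lines prefix the first cookie with 0x.
SA = re.compile(r"SA = \{ ?(?:0x)?([0-9a-f]{8} [0-9a-f]{8}) - ([0-9a-f]{8} [0-9a-f]{8}) ?\}")
# The peer-entry message prints the UDP port in hex (1f4 is 500, the IKE port).
CLASH = re.compile(r"Gateways (\S+) and (\S+) for local (\S+):([0-9a-f]+) "
                   r"and remote (\S+):([0-9a-f]+)\. peer_entry creation failed")
DPD_ACK = re.compile(r"R_U_THERE_ACK from IKE local:\S+ peer:(\S+) index (\d+)")

def triage(text):
    """Summarise an iked trace: counts and extracted fields only, no diagnosis."""
    summary = {"retransmits": Counter(), "clashes": [], "dpd_alive": set(), "p2_blocked": 0}
    for line in text.splitlines():
        ts = TS.match(line)
        if not ts:
            continue  # skip prose and wrapped lines
        if "ike_retransmit_callback" in line and (sa := SA.search(line)):
            summary["retransmits"][" - ".join(sa.groups())] += 1
        elif (c := CLASH.search(line)):
            gw_a, gw_b, local, lport, remote, rport = c.groups()
            summary["clashes"].append({"time": ts.group(1), "gateways": (gw_a, gw_b),
                                       "local": (local, int(lport, 16)),
                                       "remote": (remote, int(rport, 16))})
        elif (d := DPD_ACK.search(line)):
            summary["dpd_alive"].add(d.group(1))
        elif "Cannot start new phase 2 negotiation" in line:
            summary["p2_blocked"] += 1
    return summary

if __name__ == "__main__":
    result = triage(SAMPLE)
    for key, value in result.items():
        print(key, "=", dict(value) if isinstance(value, Counter) else value)
```

Run against the full trace file, the `clashes` entries show which two gateway definitions iked matched to the same local and remote endpoint, and `retransmits` shows which SA never received a reply.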