Hello sir
We configure Remote access vpn using DVTI with virtual-templete. Whenever any client connect to server and after successfully negotiate its sa parameter, on server side automatically create a new interface called virtual-access interface.
my query is why this virtual-access interface is created if i have already virtual-templete interface and what is the use of virtual access interface.
Thank you
Good morning, I have a question about the overheads of VTI vs L2L IPSEC vs GRE
after watching Brian M's VTI video on the CCIE security advanced tecnologies class - I decided to test the same in my own lab, with L2L also. This is because I need to present a business case for ripping out our million L2L's and senior management were against GRE/IPsec because of overhead, and Ive started sneaking in VTI's where I can. Brian used a transit router representing the internet, and disabled fast switching cef etc so we can see transit packets, and compated gre to vti. I am interested in L2L vs VTI.
I captured this the same way on the router with debug ip packet detail, also getting the overhead sizes for policy based VPN's. Ignore GRE over IPsec (as obviously its an extra 24 - and this matches up perfectly) - What I was suprised at was that the VTI on router vs L2L on an ASA was the same size. I tested again doing VTI vs L2L, both on routers this time and got the same result. I then captured the packets in wireshark to take a look.
Im getting my encapsulated 100 byte ping at 166 bytes for L2L, and 166 bytes for VTI.
20 IP
14 Ethernet
32 ESP
=66 overhead for both VTI and L2L, either on ASA or a router
I thought the VTi would at least be 8 bytes larger, to store the extra source and destination address of the tunnel interfaces, which obviously are not present on the L2L tunnel ?
INE's CCIE R&Sv5 Expanded Blueprint is meant to be used as a checklist that you can use as you go through your preparation.
So this may be just me missing something due to lack of sleep or oversight, but I see an IP address in the intial configs for the switch vlan 47, and for R4 int fa0/0 on vlan 47. Any reason we can't just bring up a simple ospf adjacency? I did and it worked but when I read we can't "add an ip address" I was thinking I missed something. Then in the answer guide it showed a tunnel. Any reason for this? Is this something that was corrected after the fact?
Dears,
I was looking in forums and each one answers differently on the below question:
which of the below takes precedence over the other in the NAT configuration on ASA pre-8.3:
- static policy nat (static access-list)
- static nat (static)
- static identity nat
Please advise.
If I wanted to intercept config to any loopback interface I could use this:
event cli pattern "^interface.* loop.*" sync yes
however, this doesn't work for "int l<n>"
I've tried event cli pattern "^int.* l.*" sync yes, but that doesn't work.
anyone any ideas?
thanks
Hello All,
I have my lab date booked for begining of August, but would like to bring it forward if I can. If anyone has a date booked in Bangalore for May/June but feel they need an extra couple of months please let me know.
Good Day,
I am working on DHCP Snooping.
For example I have 3 x switches.
Do you enable the following commands on all switches or only the switch connected to the DHCP Server:
SW1
Config t
Ip dhcp snooping
Ip dhcp snooping vlan 8-15
Ip dhcp snooping database flash:/snooping.txt
!
Int gig 0/1
Description *** PORT to DHCP SERVER ***
Ip dhcp snooping trust
!
Int gig 0/24
Description *** TRUNK to SW2 ***
Ip dhcp snooping trust
!
Int gig 0/23
Description *** TRUNK to SW3 ***
Ip dhcp snooping trust
SW2
Config t
Ip dhcp snooping
Ip dhcp snooping vlan 8-15
Ip dhcp snooping database flash:/snooping.txt
!
Int gig 0/24
Description *** TRUNK to SW1 ***
Ip dhcp snooping trust
SW3
Config t
Ip dhcp snooping
Ip dhcp snooping vlan 8-15
Ip dhcp snooping database flash:/snooping.txt
!
Int gig 0/24
Description *** TRUNK to SW1 ***
Ip dhcp snooping trust
I am looking for a best practise solution
On what trunk ports do you enable : ip dhcp snooping trust in your design?
Thanks
Hi,
after 2 nights which I spent on troubleshooting I decided to ask you for help. I have s-2-s VPN (ASA and IOS) with PSK and this one is working fine, no issues. I wanted to change the authentication method on PKI and this one doesn't work. I changed many parameters but any of the configuration is not working.
I will be grateful for any comments!
[loop0] - R1----------ASA--------R2
the VPN is between R1 and ASA, the tunnel should bring up on any traffic between R1 loop0 and R2.
There is a problem with ASA 8.4 and scep and in my case I'm using 'terminal' enrollment
Thanks
Hubert
-----
!
hostname asa1
domain-name test.com
!
crypto key generate rsa general-keys modulus 1024
!
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
no sh
!
interface GigabitEthernet1
nameif inside
security-level 100
ip address 20.0.0.2 255.255.255.0
no sh
!
dns server-group DefaultDNS
domain-name test.com
!
access-list VPN extended permit ip host 20.0.0.1 host 11.11.11.11
!
route outside 11.11.11.11 255.255.255.255 10.0.0.1 1
!
crypto ipsec ikev2 ipsec-proposal IPSEC-PROPOSAL
protocol esp encryption 3des
protocol esp integrity md5
!
crypto map MAPA 10 match address VPN
crypto map MAPA 10 set peer 10.0.0.1
crypto map MAPA 10 set ikev2 ipsec-proposal IPSEC-PROPOSAL
crypto map MAPA 10 set trustpoint PKI-TRUSTPOINT
crypto map MAPA interface outside
!
crypto ca trustpoint PKI-TRUSTPOINT
fqdn asa1.test.com
enrollment terminal
subject-name CN=asa1.test.com,OU=IT
crl configure
!
crypto ikev2 policy 10
encryption 3des
integrity md5
group 5
prf md5
lifetime seconds 86400
!
crypto ikev2 enable outside
ntp server 10.0.0.100
!
!group-policy GROUP-POLICY-IKEV2 internal
!group-policy GROUP-POLICY-IKEV2 attributes
! vpn-tunnel-protocol ikev2
!
tunnel-group 10.0.0.1 type ipsec-l2l
!tunnel-group 10.0.0.1 general-attributes
! default-group-policy GROUP-POLICY-IKEV2
!
tunnel-group 10.0.0.1 ipsec-attributes
peer-id-validate nocheck
ikev2 remote-authentication certificate
ikev2 local-authentication certificate PKI-TRUSTPOINT
!
----------------
!
hostname r1
!
ip domain name test.com
!
crypto key generate rsa general-keys modulus 1024
!
crypto pki trustpoint PKI-TRUSTPOINT
fqdn r1.test.com
enrollment terminal
subject-name CN=r1.test.com,OU=IT
revocation-check crl
!
crypto ikev2 proposal IKEV2-PROPOSAL
encryption 3des
integrity md5
group 5
!
crypto ikev2 policy IKEV2-POLICY
match address local 10.0.0.1
proposal IKEV2-PROPOSAL
!
crypto ikev2 profile IKEV2-PROFILE
match identity remote fqdn asa1.test.com
identity local dn
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint PKI-TRUSTPOINT
!
no crypto ikev2 http-url cert
!crypto isakmp identity dn <-- I tested both
!crypto isakmp identity hostname <-- I tested both
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
mode tunnel
!
crypto map MAPA 10 ipsec-isakmp
set peer 10.0.0.2
set transform-set TS
set ikev2-profile IKEV2-PROFILE
match address 101
!
interface Loopback0
ip address 11.11.11.11 255.255.255.255
!
interface GigabitEthernet0/0
ip address 10.0.0.1 255.255.255.0
crypto map MAPA
no sh
!
ip route 0.0.0.0 0.0.0.0 10.0.0.2
!
access-list 101 permit ip host 11.11.11.11 host 20.0.0.1
!
ntp server 10.0.0.100
------------------------------------------------------
r1#sh crypto pki certificates
Certificate
Status: Available
Certificate Serial Number (hex): 05
Certificate Usage: General Purpose
Issuer:
cn=R3.test.com
ou=IT
Subject:
Name: r1.test.com
hostname=r1.test.com
cn=r1.test.com
ou=IT
Validity Date:
start date: 06:59:10 UTC May 6 2014
end date: 06:59:10 UTC May 6 2015
Associated Trustpoints: PKI-TRUSTPOINT
Storage: nvram:R3testcom#5.cer
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=R3.test.com
ou=IT
Subject:
cn=R3.test.com
ou=IT
Validity Date:
start date: 23:55:50 UTC May 5 2014
end date: 23:55:50 UTC May 4 2017
Associated Trustpoints: PKI-TRUSTPOINT
Storage: nvram:R3testcom#1CA.cer
r1#
------------------------------------------------------
asa1# sh crypto ca certificates
Certificate
Status: Available
Certificate Serial Number: 04
Certificate Usage: General Purpose
Public Key Type: RSA (1024 bits)
Signature Algorithm: MD5 with RSA Encryption
Issuer Name:
cn=R3.test.com
ou=IT
Subject Name:
hostname=asa1.test.com
cn=asa1.test.com
ou=IT
Validity Date:
start date: 06:52:23 UTC May 6 2014
end date: 06:52:23 UTC May 6 2015
Associated Trustpoints: PKI-TRUSTPOINT
CA Certificate
Status: Available
Certificate Serial Number: 01
Certificate Usage: Signature
Public Key Type: RSA (1024 bits)
Signature Algorithm: MD5 with RSA Encryption
Issuer Name:
cn=R3.test.com
ou=IT
Subject Name:
cn=R3.test.com
ou=IT
Validity Date:
start date: 23:55:50 UTC May 5 2014
end date: 23:55:50 UTC May 4 2017
Associated Trustpoints: PKI-TRUSTPOINT
asa1#
------------------------------------------------------
DEBUG OUTPUTS:
------------------------------------------------------
ASA debug:
------------------------------------------------------
asa1# debug crypto ikev2 protocol 127
asa1# IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-3: (33): Getting configured policies
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-3: (33): Setting configured policies
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-3: (33): Opening a PKI session
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-3: (33): Computing DH public key
IKEv2-PROTO-3: (33):
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (33): Action: Action_Null
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (33): Sending initial message
IKEv2-PROTO-3: IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
3DES MD5 MD596 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATIONIKEv2-PROTO-3: (33): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:6FDE0F13D9B90926 - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: 6FDE0F13D9B90926 - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 454
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
4f 3b af c3 32 61 5d cf 2e a3 7d fe 4e 4e 6b 53
ac 26 a9 5a bc 9b 25 ff a2 2c 52 28 5b 6b 47 f8
cc 59 9a 47 9c 20 69 1a 49 fc 38 53 0b 9b 1f d9
99 f9 19 03 1f 35 28 9a d8 4a 4a 44 93 da a1 2f
23 74 e7 19 e6 59 55 12 af 07 dc 09 0b d9 13 69
63 11 9b e0 fb dd 85 b6 26 41 8f bf 78 59 43 8c
9b 5e 9b d8 89 99 c9 41 2d f1 97 9f 04 1b 19 67
d9 95 df f3 84 8c 35 9c ff f3 f9 90 87 8f 6c d0
2d 95 5c 5b 36 1c ff 20 38 cd 8d ac 3d c7 93 c0
70 8f c2 0b c8 e8 44 79 72 dc 6c 07 da fd d0 2b
97 d4 28 74 0e 9a ab 6b 42 21 d6 9d 10 24 be 5f
15 03 2e 80 14 ee 1f e1 1e 43 2b 87 d6 71 03 7a
N Next payload: VID, reserved: 0x0, length: 24
3f 00 26 cf 12 3b 45 f2 f7 a5 4f ba 76 62 e1 1b
86 ca 0f 01
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
3d ec 83 93 8b 8b 8e 7f 8b c9 8b 4e 32 d7 66 4f
85 13 11 95
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
09 db b6 8b 2e 8f 0e a7 e0 ea 17 71 c4 61 b3 12
95 f8 56 5c
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-3: (33): Insert SA
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-2: (33): Retransmitting packet
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:6FDE0F13D9B90926 - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: 6FDE0F13D9B90926 - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 454
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
4f 3b af c3 32 61 5d cf 2e a3 7d fe 4e 4e 6b 53
ac 26 a9 5a bc 9b 25 ff a2 2c 52 28 5b 6b 47 f8
cc 59 9a 47 9c 20 69 1a 49 fc 38 53 0b 9b 1f d9
99 f9 19 03 1f 35 28 9a d8 4a 4a 44 93 da a1 2f
23 74 e7 19 e6 59 55 12 af 07 dc 09 0b d9 13 69
63 11 9b e0 fb dd 85 b6 26 41 8f bf 78 59 43 8c
9b 5e 9b d8 89 99 c9 41 2d f1 97 9f 04 1b 19 67
d9 95 df f3 84 8c 35 9c ff f3 f9 90 87 8f 6c d0
2d 95 5c 5b 36 1c ff 20 38 cd 8d ac 3d c7 93 c0
70 8f c2 0b c8 e8 44 79 72 dc 6c 07 da fd d0 2b
97 d4 28 74 0e 9a ab 6b 42 21 d6 9d 10 24 be 5f
15 03 2e 80 14 ee 1f e1 1e 43 2b 87 d6 71 03 7a
N Next payload: VID, reserved: 0x0, length: 24
3f 00 26 cf 12 3b 45 f2 f7 a5 4f ba 76 62 e1 1b
86 ca 0f 01
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
3d ec 83 93 8b 8b 8e 7f 8b c9 8b 4e 32 d7 66 4f
85 13 11 95
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
09 db b6 8b 2e 8f 0e a7 e0 ea 17 71 c4 61 b3 12
95 f8 56 5c
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:6FDE0F13D9B90926 - r: 0CD6D10B2405B8AB]
IKEv2-PROTO-4: IKEV2 HDR ispi: 6FDE0F13D9B90926 - rspi: 0CD6D10B2405B8AB
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x0, length: 480
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
bb 46 de 39 4b 24 6f 95 f0 30 1c 28 f5 45 8b 88
a0 d0 fc c5 a7 86 d8 0d f5 7b 13 21 54 5a f4 73
5e 81 04 d3 88 7c ce df b5 93 5d c8 f9 17 f1 ae
ea 9f 17 73 dd 06 e3 5f 40 7b f1 cf a4 86 25 ab
77 f9 3f 62 26 95 00 d2 dd 36 1e c2 30 5c 87 91
49 9e 3a 45 62 01 6e 97 59 67 7d c0 2d a5 9b 9d
2a 70 92 3e b3 de 0b b3 51 69 4e 64 a2 41 6e 17
b5 40 ff 0d d2 e7 4c 23 a1 e4 ea c7 ac da 8b 23
62 6e 39 12 aa bb fa af f4 7d c1 7a 73 a0 08 00
cb 3f 07 0d a0 1f d7 2f 52 89 e6 fd 45 1f 1b ed
13 7f 99 eb 4c 40 75 ee 83 31 01 d1 ec 3e e3 ca
1d b8 d0 b0 b8 e4 d2 6d 65 bd 68 90 c7 bd 0b e8
N Next payload: VID, reserved: 0x0, length: 24
9f 4a bb 9b ab 54 30 9c 28 bf 08 de 71 01 58 98
41 9a ac fe
IKEv2-PROTO-5: Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 21
46 4c 45 58 56 50 4e 2d 53 55 50 50 4f 52 54 45
44
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
8c d5 b9 07 f1 8f 1c 8f 34 e9 9d b4 ac 68 59 71
b6 61 92 d9
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
d4 54 bf 31 85 b9 10 3b ef 8e 96 0c 41 32 f1 ec
b3 a5 05 26
CERTREQ Next payload: NONE, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
Decrypted packet:Data: 480 bytes
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-5: (33): Processing initial message
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (33): Processing initial message
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-3: (33): Verify SA init message
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (33): Processing initial message
IKEv2-PROTO-3: (33): Matching certificate found
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-3: (33): Process NAT discovery notify
IKEv2-PROTO-5: (33): Processing nat detect src notify
IKEv2-PROTO-5: (33): Remote address matched
IKEv2-PROTO-5: (33): Processing nat detect dst notify
IKEv2-PROTO-5: (33): Local address matched
IKEv2-PROTO-5: (33): No NAT found
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-3: (33): Check NAT discovery
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-3: (33): Computing DH secret key
IKEv2-PROTO-3: (33):
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (33): Action: Action_Null
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-3: (33): Generate skeyid
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-3: (33): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-3: (33): Complete SA init exchange
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-3: (33): Check for EAP exchange
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-3: (33): Generate my authentication data
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-3: (33): Get my authentication method
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SIGN
IKEv2-PROTO-3: (33): Sign auth data
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-3: (33): Check for EAP exchange
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (33): Sending auth message
IKEv2-PROTO-5: Construct Vendor Specific Payload: CISCO-GRANITEIKEv2-PROTO-3: ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
3DES MD596
IKEv2-PROTO-5: Construct Notify Payload: INITIAL_CONTACTIKEv2-PROTO-5: Construct Notify Payload: ESP_TFC_NO_SUPPORTIKEv2-PROTO-5: Construct Notify Payload: NON_FIRST_FRAGSIKEv2-PROTO-3: (33): Building packet for encryption; contents are:
VID Next payload: IDi, reserved: 0x0, length: 20
6d de 0e 13 ca 8e fa 61 26 b7 8a 95 4d d6 0d 33
IDi Next payload: CERT, reserved: 0x0, length: 21
Id type: FQDN, Reserved: 0x0 0x0
61 73 61 31 2e 74 65 73 74 2e 63 6f 6d
CERT Next payload: CERTREQ, reserved: 0x0, length: 593
Cert encoding X.509 Certificate - signature
Cert data: 588 bytes
CERTREQ Next payload: AUTH, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
AUTH Next payload: SA, reserved: 0x0, length: 136
Auth method RSA, reserved: 0x0, reserved 0x0
Auth data: 128 bytes
SA Next payload: TSi, reserved: 0x0, length: 40
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 36
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id:
TSi Next payload: TSr, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 20.0.0.1, end addr: 20.0.0.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 11.11.11.11, end addr: 11.11.11.11
NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-3: (33): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:6FDE0F13D9B90926 - r: 0CD6D10B2405B8AB]
IKEv2-PROTO-4: IKEV2 HDR ispi: 6FDE0F13D9B90926 - rspi: 0CD6D10B2405B8AB
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x1, length: 964
ENCR Next payload: VID, reserved: 0x0, length: 936
Encrypted data: 932 bytes
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:6FDE0F13D9B90926 - r: 0CD6D10B2405B8AB]
IKEv2-PROTO-4: IKEV2 HDR ispi: 6FDE0F13D9B90926 - rspi: 0CD6D10B2405B8AB
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x1, length: 68
REAL Decrypted packet:Data: 8 bytes
IKEv2-PROTO-5: Parse Notify Payload: AUTHENTICATION_FAILED NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED
Decrypted packet:Data: 68 bytes
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-5: (33): Action: Action_Null
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (33): Process auth response notify
IKEv2-PROTO-1: (33):
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-3: (33): Auth exchange failed
IKEv2-PROTO-1: (33): Auth exchange failed
IKEv2-PROTO-1: (33): Auth exchange failed
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (33): SM Trace-> SA: I_SPI=6FDE0F13D9B90926 R_SPI=0CD6D10B2405B8AB (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-3: (33): Abort exchange
IKEv2-PROTO-2: (33): Deleting SA
IKEv2-PROTO-5: Process delete IPSec API
IKEv2-PROTO-5: ipsec delete
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-3: (34): Getting configured policies
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-3: (34): Setting configured policies
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-3: (34): Opening a PKI session
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-3: (34): Computing DH public key
IKEv2-PROTO-3: (34):
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (34): Action: Action_Null
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (34): Sending initial message
IKEv2-PROTO-3: IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
3DES MD5 MD596 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATIONIKEv2-PROTO-3: (34): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:CA83FBC890AC54CD - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: CA83FBC890AC54CD - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 454
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
47 de 40 6a a1 1f 19 26 c6 44 5b e2 dc 31 f2 e2
ee 0b b6 17 da 02 c6 c3 b3 4e 4d f0 e3 80 7e 40
0f 9e 17 8f 75 3e d7 8b 63 56 26 e4 13 f5 77 1a
73 6a b4 62 db fd 24 24 2b 1a 3e d7 8f d4 97 67
0f 58 27 57 68 69 7c f1 3e fb fc d1 68 7b 85 ea
5c eb c4 0c 60 76 4d 40 c0 af cb fe 69 96 20 ea
9a e1 68 d3 69 b0 bd 51 1a a2 a5 67 09 b9 81 ac
b3 e0 0f 13 02 08 bd 9a d5 47 52 8f a4 c9 be 3a
9b db 1c 58 82 49 cb 5a d9 d2 50 1c 45 e2 c8 15
82 53 c4 05 60 2f d0 86 78 94 52 10 1c 38 4c 25
7e a6 5d c8 cc 07 83 01 57 9f bd 47 48 1b be 78
b8 49 5d 30 9a 0a e0 e4 cf 89 42 a1 c0 79 76 fb
N Next payload: VID, reserved: 0x0, length: 24
cb bb d6 17 c7 62 d5 63 a0 f2 77 1b 3b 21 e9 7b
00 50 ba f7
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
03 db 25 69 dd 5e 4c 78 4f 94 32 36 4b da fd a7
ee 25 ec 87
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
47 ea 28 ab 0b 92 ea 0a c2 e2 27 59 f3 65 d7 85
f0 36 27 f9
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-3: (34): Insert SA
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:CA83FBC890AC54CD - r: 5BA73C4BB30D138F]
IKEv2-PROTO-4: IKEV2 HDR ispi: CA83FBC890AC54CD - rspi: 5BA73C4BB30D138F
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x0, length: 480
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
bb 46 de 39 4b 24 6f 95 f0 30 1c 28 f5 45 8b 88
a0 d0 fc c5 a7 86 d8 0d f5 7b 13 21 54 5a f4 73
5e 81 04 d3 88 7c ce df b5 93 5d c8 f9 17 f1 ae
ea 9f 17 73 dd 06 e3 5f 40 7b f1 cf a4 86 25 ab
77 f9 3f 62 26 95 00 d2 dd 36 1e c2 30 5c 87 91
49 9e 3a 45 62 01 6e 97 59 67 7d c0 2d a5 9b 9d
2a 70 92 3e b3 de 0b b3 51 69 4e 64 a2 41 6e 17
b5 40 ff 0d d2 e7 4c 23 a1 e4 ea c7 ac da 8b 23
62 6e 39 12 aa bb fa af f4 7d c1 7a 73 a0 08 00
cb 3f 07 0d a0 1f d7 2f 52 89 e6 fd 45 1f 1b ed
13 7f 99 eb 4c 40 75 ee 83 31 01 d1 ec 3e e3 ca
1d b8 d0 b0 b8 e4 d2 6d 65 bd 68 90 c7 bd 0b e8
N Next payload: VID, reserved: 0x0, length: 24
72 f7 c7 a0 af 0c a6 4e 63 1f fa 5c 89 51 d5 94
04 19 ec fd
IKEv2-PROTO-5: Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 21
46 4c 45 58 56 50 4e 2d 53 55 50 50 4f 52 54 45
44
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
4e 7c 95 23 67 2b 43 71 72 0e 46 b6 14 fe dd 4c
7b f4 fd 50
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
9a 77 a5 5c 68 f0 18 67 c4 9a 5b d1 bc c7 96 2e
11 61 e1 d3
CERTREQ Next payload: NONE, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
Decrypted packet:Data: 480 bytes
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-5: (34): Processing initial message
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (34): Processing initial message
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-3: (34): Verify SA init message
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (34): Processing initial message
IKEv2-PROTO-3: (34): Matching certificate found
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-3: (34): Process NAT discovery notify
IKEv2-PROTO-5: (34): Processing nat detect src notify
IKEv2-PROTO-5: (34): Remote address matched
IKEv2-PROTO-5: (34): Processing nat detect dst notify
IKEv2-PROTO-5: (34): Local address matched
IKEv2-PROTO-5: (34): No NAT found
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-3: (34): Check NAT discovery
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-3: (34): Computing DH secret key
IKEv2-PROTO-3: (34):
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (34): Action: Action_Null
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-3: (34): Generate skeyid
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-3: (34): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-3: (34): Complete SA init exchange
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-3: (34): Check for EAP exchange
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-3: (34): Generate my authentication data
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-3: (34): Get my authentication method
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SIGN
IKEv2-PROTO-3: (34): Sign auth data
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-3: (34): Check for EAP exchange
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (34): Sending auth message
IKEv2-PROTO-5: Construct Vendor Specific Payload: CISCO-GRANITEIKEv2-PROTO-3: ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
3DES MD596
IKEv2-PROTO-5: Construct Notify Payload: INITIAL_CONTACTIKEv2-PROTO-5: Construct Notify Payload: ESP_TFC_NO_SUPPORTIKEv2-PROTO-5: Construct Notify Payload: NON_FIRST_FRAGSIKEv2-PROTO-3: (34): Building packet for encryption; contents are:
VID Next payload: IDi, reserved: 0x0, length: 20
c8 83 fa c8 83 9b a7 8a 14 a8 27 2d 96 b2 09 f0
IDi Next payload: CERT, reserved: 0x0, length: 21
Id type: FQDN, Reserved: 0x0 0x0
61 73 61 31 2e 74 65 73 74 2e 63 6f 6d
CERT Next payload: CERTREQ, reserved: 0x0, length: 593
Cert encoding X.509 Certificate - signature
Cert data: 588 bytes
CERTREQ Next payload: AUTH, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
AUTH Next payload: SA, reserved: 0x0, length: 136
Auth method RSA, reserved: 0x0, reserved 0x0
Auth data: 128 bytes
SA Next payload: TSi, reserved: 0x0, length: 40
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 36
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id:
TSi Next payload: TSr, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 20.0.0.1, end addr: 20.0.0.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 11.11.11.11, end addr: 11.11.11.11
NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-3: (34): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:CA83FBC890AC54CD - r: 5BA73C4BB30D138F]
IKEv2-PROTO-4: IKEV2 HDR ispi: CA83FBC890AC54CD - rspi: 5BA73C4BB30D138F
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x1, length: 964
ENCR Next payload: VID, reserved: 0x0, length: 936
Encrypted data: 932 bytes
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:CA83FBC890AC54CD - r: 5BA73C4BB30D138F]
IKEv2-PROTO-4: IKEV2 HDR ispi: CA83FBC890AC54CD - rspi: 5BA73C4BB30D138F
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x1, length: 68
REAL Decrypted packet:Data: 8 bytes
IKEv2-PROTO-5: Parse Notify Payload: AUTHENTICATION_FAILED NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED
Decrypted packet:Data: 68 bytes
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-5: (34): Action: Action_Null
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (34): Process auth response notify
IKEv2-PROTO-1: (34):
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-3: (34): Auth exchange failed
IKEv2-PROTO-1: (34): Auth exchange failed
IKEv2-PROTO-1: (34): Auth exchange failed
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (34): SM Trace-> SA: I_SPI=CA83FBC890AC54CD R_SPI=5BA73C4BB30D138F (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-3: (34): Abort exchange
IKEv2-PROTO-2: (34): Deleting SA
IKEv2-PROTO-5: Process delete IPSec API
IKEv2-PROTO-5: ipsec delete
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-3: (35): Getting configured policies
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-3: (35): Setting configured policies
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-3: (35): Opening a PKI session
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-3: (35): Computing DH public key
IKEv2-PROTO-3: (35):
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (35): Action: Action_Null
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (35): Sending initial message
IKEv2-PROTO-3: IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
3DES MD5 MD596 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATIONIKEv2-PROTO-3: (35): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:74D1756A6F61ACFF - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: 74D1756A6F61ACFF - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 454
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
ac 2d 02 b9 f7 d6 f7 e7 0b 68 6c 36 68 93 66 97
78 d4 22 3f 77 00 47 2e 8e 21 bb 69 b0 51 af 6a
a9 77 ef aa 50 0b 27 0f 1b fc a5 aa 4b b7 20 30
4f 83 c8 6f 50 85 66 ef 62 f1 b9 cd 42 55 11 5e
74 86 b5 83 c2 78 27 b6 17 45 97 f9 47 ad f5 9d
be ff 9d c4 1b 63 ee 16 1e 3d db 32 55 32 5d f6
0e 1c ff 71 6b 0e 0e a2 fa 50 f6 e9 65 e8 68 35
c5 36 30 23 42 1c b9 40 1c 2c b2 c5 a3 fa c4 79
5f b0 c9 ae 98 f3 5e 78 27 ff 91 06 f4 a2 fa 93
4b 63 c2 5e 2a b9 7f f5 f1 58 b8 1e 42 cf d8 f5
7b fb 73 8a b1 d8 aa 4d 44 6a 32 8f b8 70 05 13
c1 86 2a 1f 60 ac 6f f2 6c 20 f3 4e 8b 7a e1 be
N Next payload: VID, reserved: 0x0, length: 24
63 d0 5e 8c 4c b6 60 36 a6 03 18 f4 ba 14 96 d9
ab a9 e2 12
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
4a 38 c6 47 22 c4 09 b0 1a cb 14 41 10 56 4b 86
19 f7 05 2b
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
bb 15 4d 7a 9e 64 aa 41 25 51 13 ca 6f a5 7f 17
41 49 7c 5d
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-3: (35): Insert SA
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RE_XMT
IKEv2-PROTO-2: (35): Retransmitting packet
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:74D1756A6F61ACFF - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: 74D1756A6F61ACFF - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 454
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
ac 2d 02 b9 f7 d6 f7 e7 0b 68 6c 36 68 93 66 97
78 d4 22 3f 77 00 47 2e 8e 21 bb 69 b0 51 af 6a
a9 77 ef aa 50 0b 27 0f 1b fc a5 aa 4b b7 20 30
4f 83 c8 6f 50 85 66 ef 62 f1 b9 cd 42 55 11 5e
74 86 b5 83 c2 78 27 b6 17 45 97 f9 47 ad f5 9d
be ff 9d c4 1b 63 ee 16 1e 3d db 32 55 32 5d f6
0e 1c ff 71 6b 0e 0e a2 fa 50 f6 e9 65 e8 68 35
c5 36 30 23 42 1c b9 40 1c 2c b2 c5 a3 fa c4 79
5f b0 c9 ae 98 f3 5e 78 27 ff 91 06 f4 a2 fa 93
4b 63 c2 5e 2a b9 7f f5 f1 58 b8 1e 42 cf d8 f5
7b fb 73 8a b1 d8 aa 4d 44 6a 32 8f b8 70 05 13
c1 86 2a 1f 60 ac 6f f2 6c 20 f3 4e 8b 7a e1 be
N Next payload: VID, reserved: 0x0, length: 24
63 d0 5e 8c 4c b6 60 36 a6 03 18 f4 ba 14 96 d9
ab a9 e2 12
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
4a 38 c6 47 22 c4 09 b0 1a cb 14 41 10 56 4b 86
19 f7 05 2b
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
bb 15 4d 7a 9e 64 aa 41 25 51 13 ca 6f a5 7f 17
41 49 7c 5d
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:74D1756A6F61ACFF - r: BEC1F566787C4FFA]
IKEv2-PROTO-4: IKEV2 HDR ispi: 74D1756A6F61ACFF - rspi: BEC1F566787C4FFA
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x0, length: 480
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
bb 46 de 39 4b 24 6f 95 f0 30 1c 28 f5 45 8b 88
a0 d0 fc c5 a7 86 d8 0d f5 7b 13 21 54 5a f4 73
5e 81 04 d3 88 7c ce df b5 93 5d c8 f9 17 f1 ae
ea 9f 17 73 dd 06 e3 5f 40 7b f1 cf a4 86 25 ab
77 f9 3f 62 26 95 00 d2 dd 36 1e c2 30 5c 87 91
49 9e 3a 45 62 01 6e 97 59 67 7d c0 2d a5 9b 9d
2a 70 92 3e b3 de 0b b3 51 69 4e 64 a2 41 6e 17
b5 40 ff 0d d2 e7 4c 23 a1 e4 ea c7 ac da 8b 23
62 6e 39 12 aa bb fa af f4 7d c1 7a 73 a0 08 00
cb 3f 07 0d a0 1f d7 2f 52 89 e6 fd 45 1f 1b ed
13 7f 99 eb 4c 40 75 ee 83 31 01 d1 ec 3e e3 ca
1d b8 d0 b0 b8 e4 d2 6d 65 bd 68 90 c7 bd 0b e8
N Next payload: VID, reserved: 0x0, length: 24
47 88 61 6c 1c 1c c5 46 1d 50 48 c2 c1 28 e8 41
c3 15 4b 24
IKEv2-PROTO-5: Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 21
46 4c 45 58 56 50 4e 2d 53 55 50 50 4f 52 54 45
44
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
54 1c 8d f1 c1 aa 5b ee f2 2e 42 83 cf 8d f0 fb
a4 c5 a6 c6
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
4f b9 01 c3 38 05 02 f2 6a f0 fd 44 12 2b bf 16
90 a6 46 c9
CERTREQ Next payload: NONE, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
Decrypted packet:Data: 480 bytes
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-5: (35): Processing initial message
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (35): Processing initial message
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-3: (35): Verify SA init message
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (35): Processing initial message
IKEv2-PROTO-3: (35): Matching certificate found
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-3: (35): Process NAT discovery notify
IKEv2-PROTO-5: (35): Processing nat detect src notify
IKEv2-PROTO-5: (35): Remote address matched
IKEv2-PROTO-5: (35): Processing nat detect dst notify
IKEv2-PROTO-5: (35): Local address matched
IKEv2-PROTO-5: (35): No NAT found
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-3: (35): Check NAT discovery
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-3: (35): Computing DH secret key
IKEv2-PROTO-3: (35):
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (35): Action: Action_Null
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-3: (35): Generate skeyid
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-3: (35): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-3: (35): Complete SA init exchange
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-3: (35): Check for EAP exchange
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-3: (35): Generate my authentication data
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-3: (35): Get my authentication method
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SIGN
IKEv2-PROTO-3: (35): Sign auth data
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-3: (35): Check for EAP exchange
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (35): Sending auth message
IKEv2-PROTO-5: Construct Vendor Specific Payload: CISCO-GRANITEIKEv2-PROTO-3: ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
3DES MD596
IKEv2-PROTO-5: Construct Notify Payload: INITIAL_CONTACTIKEv2-PROTO-5: Construct Notify Payload: ESP_TFC_NO_SUPPORTIKEv2-PROTO-5: Construct Notify Payload: NON_FIRST_FRAGSIKEv2-PROTO-3: (35): Building packet for encryption; contents are:
VID Next payload: IDi, reserved: 0x0, length: 20
76 d1 74 6a 7c 56 5f b8 e2 a4 44 a4 33 75 2e 40
IDi Next payload: CERT, reserved: 0x0, length: 21
Id type: FQDN, Reserved: 0x0 0x0
61 73 61 31 2e 74 65 73 74 2e 63 6f 6d
CERT Next payload: CERTREQ, reserved: 0x0, length: 593
Cert encoding X.509 Certificate - signature
Cert data: 588 bytes
CERTREQ Next payload: AUTH, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
AUTH Next payload: SA, reserved: 0x0, length: 136
Auth method RSA, reserved: 0x0, reserved 0x0
Auth data: 128 bytes
SA Next payload: TSi, reserved: 0x0, length: 40
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 36
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id:
TSi Next payload: TSr, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 20.0.0.1, end addr: 20.0.0.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 11.11.11.11, end addr: 11.11.11.11
NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-3: (35): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:74D1756A6F61ACFF - r: BEC1F566787C4FFA]
IKEv2-PROTO-4: IKEV2 HDR ispi: 74D1756A6F61ACFF - rspi: BEC1F566787C4FFA
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x1, length: 964
ENCR Next payload: VID, reserved: 0x0, length: 936
Encrypted data: 932 bytes
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:74D1756A6F61ACFF - r: BEC1F566787C4FFA]
IKEv2-PROTO-4: IKEV2 HDR ispi: 74D1756A6F61ACFF - rspi: BEC1F566787C4FFA
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x1, length: 68
REAL Decrypted packet:Data: 8 bytes
IKEv2-PROTO-5: Parse Notify Payload: AUTHENTICATION_FAILED NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED
Decrypted packet:Data: 68 bytes
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-5: (35): Action: Action_Null
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (35): Process auth response notify
IKEv2-PROTO-1: (35):
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-3: (35): Auth exchange failed
IKEv2-PROTO-1: (35): Auth exchange failed
IKEv2-PROTO-1: (35): Auth exchange failed
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (35): SM Trace-> SA: I_SPI=74D1756A6F61ACFF R_SPI=BEC1F566787C4FFA (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-3: (35): Abort exchange
IKEv2-PROTO-2: (35): Deleting SA
IKEv2-PROTO-5: Process delete IPSec API
IKEv2-PROTO-5: ipsec delete
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: IDLE Event: EV_INIT_SA
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-3: (36): Getting configured policies
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-3: (36): Setting configured policies
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-3: (36): Opening a PKI session
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-3: (36): Computing DH public key
IKEv2-PROTO-3: (36):
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (36): Action: Action_Null
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (36): Sending initial message
IKEv2-PROTO-3: IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
3DES MD5 MD596 DH_GROUP_1536_MODP/Group 5
IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASONIKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IPIKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IPIKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATIONIKEv2-PROTO-3: (36): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:EED43FE10557C923 - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: EED43FE10557C923 - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 454
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
c5 4f dd 35 2f 9a f2 df d9 ec ac 94 97 0f 24 c1
c0 d8 06 06 d4 de 24 64 e4 ab 09 ab 28 ef 6f bf
01 56 da 38 ad e8 9c 8e 93 ba bc d8 fe 78 fb 44
72 59 b9 69 21 38 a5 31 c8 b9 2a 78 b1 b9 e8 3a
ff 58 68 c3 e7 ae b5 b7 9f 27 3e fa 48 c9 64 45
bd 3f 11 ed 12 0f 3a b1 0a 9b 19 aa 47 23 5d cd
1b fd a3 4d 97 93 7f 41 e0 f6 dc 11 8f ed fb 9c
0e e0 c4 9a c7 30 86 a2 41 30 1e 35 85 77 92 06
2f b6 69 c9 ec 52 f9 f9 06 f4 8b 54 c9 4a a1 7d
68 cc 9e f0 12 e7 f4 c8 76 3f 59 30 97 20 7e df
10 0e ff 45 99 97 96 26 e8 ab ce 6f 76 46 a0 d2
14 43 fe 04 3a a4 02 96 af 1b 6e 79 cb f8 c8 32
N Next payload: VID, reserved: 0x0, length: 24
cb d4 54 1e 49 3d de c5 b6 6f 86 f1 14 f1 d3 ad
67 42 e7 bb
VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
VID Next payload: NOTIFY, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
66 0e 31 9c ec 4e ae 12 cb 20 a1 bf 88 29 d3 46
51 7d 3b b9
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
80 d9 0b 86 e6 d1 5d db 73 5c e3 5b c9 68 16 09
3b 0b 89 09
VID Next payload: NONE, reserved: 0x0, length: 20
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_BLD_INIT Event: EV_INSERT_SA
IKEv2-PROTO-3: (36): Insert SA
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=0000000000000000 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:EED43FE10557C923 - r: 2406379883111336]
IKEv2-PROTO-4: IKEV2 HDR ispi: EED43FE10557C923 - rspi: 2406379883111336
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x0, length: 480
SA Next payload: KE, reserved: 0x0, length: 44
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
bb 46 de 39 4b 24 6f 95 f0 30 1c 28 f5 45 8b 88
a0 d0 fc c5 a7 86 d8 0d f5 7b 13 21 54 5a f4 73
5e 81 04 d3 88 7c ce df b5 93 5d c8 f9 17 f1 ae
ea 9f 17 73 dd 06 e3 5f 40 7b f1 cf a4 86 25 ab
77 f9 3f 62 26 95 00 d2 dd 36 1e c2 30 5c 87 91
49 9e 3a 45 62 01 6e 97 59 67 7d c0 2d a5 9b 9d
2a 70 92 3e b3 de 0b b3 51 69 4e 64 a2 41 6e 17
b5 40 ff 0d d2 e7 4c 23 a1 e4 ea c7 ac da 8b 23
62 6e 39 12 aa bb fa af f4 7d c1 7a 73 a0 08 00
cb 3f 07 0d a0 1f d7 2f 52 89 e6 fd 45 1f 1b ed
13 7f 99 eb 4c 40 75 ee 83 31 01 d1 ec 3e e3 ca
1d b8 d0 b0 b8 e4 d2 6d 65 bd 68 90 c7 bd 0b e8
N Next payload: VID, reserved: 0x0, length: 24
66 1a 32 18 c0 d4 23 95 98 1b 90 76 03 ef d7 85
0b 78 17 8a
IKEv2-PROTO-5: Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
53 4f 4e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: VID, reserved: 0x0, length: 59
43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
73 2c 20 49 6e 63 2e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 21
46 4c 45 58 56 50 4e 2d 53 55 50 50 4f 52 54 45
44
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
3b 52 91 14 54 77 f3 2b 41 c1 18 9c 51 90 88 d8
0a f3 34 38
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
d4 98 d4 b8 eb 1f 57 9e ee df 66 1f 65 75 1a d6
22 f0 7e ba
CERTREQ Next payload: NONE, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
Decrypted packet:Data: 480 bytes
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_WAIT_INIT Event: EV_RECV_INIT
IKEv2-PROTO-5: (36): Processing initial message
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (36): Processing initial message
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-3: (36): Verify SA init message
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (36): Processing initial message
IKEv2-PROTO-3: (36): Matching certificate found
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-3: (36): Process NAT discovery notify
IKEv2-PROTO-5: (36): Processing nat detect src notify
IKEv2-PROTO-5: (36): Remote address matched
IKEv2-PROTO-5: (36): Processing nat detect dst notify
IKEv2-PROTO-5: (36): Local address matched
IKEv2-PROTO-5: (36): No NAT found
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_NAT_T
IKEv2-PROTO-3: (36): Check NAT discovery
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_PROC_INIT Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_DH_SECRET
IKEv2-PROTO-3: (36): Computing DH secret key
IKEv2-PROTO-3: (36):
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_NO_EVENT
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (36): Action: Action_Null
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_GEN_SKEYID
IKEv2-PROTO-3: (36): Generate skeyid
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-3: (36): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-3: (36): Complete SA init exchange
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_EAP
IKEv2-PROTO-3: (36): Check for EAP exchange
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-3: (36): Generate my authentication data
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-3: (36): Get my authentication method
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SIGN
IKEv2-PROTO-3: (36): Sign auth data
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-3: (36): Check for EAP exchange
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000000 CurState: I_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (36): Sending auth message
IKEv2-PROTO-5: Construct Vendor Specific Payload: CISCO-GRANITEIKEv2-PROTO-3: ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
3DES MD596
IKEv2-PROTO-5: Construct Notify Payload: INITIAL_CONTACTIKEv2-PROTO-5: Construct Notify Payload: ESP_TFC_NO_SUPPORTIKEv2-PROTO-5: Construct Notify Payload: NON_FIRST_FRAGSIKEv2-PROTO-3: (36): Building packet for encryption; contents are:
VID Next payload: IDi, reserved: 0x0, length: 20
ec d4 3e e1 16 60 3a 64 91 50 98 65 09 48 8a 8c
IDi Next payload: CERT, reserved: 0x0, length: 21
Id type: FQDN, Reserved: 0x0 0x0
61 73 61 31 2e 74 65 73 74 2e 63 6f 6d
CERT Next payload: CERTREQ, reserved: 0x0, length: 593
Cert encoding X.509 Certificate - signature
Cert data: 588 bytes
CERTREQ Next payload: AUTH, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
CertReq data: 20 bytes
AUTH Next payload: SA, reserved: 0x0, length: 136
Auth method RSA, reserved: 0x0, reserved 0x0
Auth data: 128 bytes
SA Next payload: TSi, reserved: 0x0, length: 40
IKEv2-PROTO-4: last proposal: 0x0, reserved: 0x0, length: 36
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
IKEv2-PROTO-4: last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
IKEv2-PROTO-4: last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id:
TSi Next payload: TSr, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 20.0.0.1, end addr: 20.0.0.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 11.11.11.11, end addr: 11.11.11.11
NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
IKEv2-PROTO-3: (36): Checking if request will fit in peer window
IKEv2-PROTO-3: Tx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:EED43FE10557C923 - r: 2406379883111336]
IKEv2-PROTO-4: IKEV2 HDR ispi: EED43FE10557C923 - rspi: 2406379883111336
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x1, length: 964
ENCR Next payload: VID, reserved: 0x0, length: 936
Encrypted data: 932 bytes
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.0.0.2:500/R 10.0.0.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:EED43FE10557C923 - r: 2406379883111336]
IKEv2-PROTO-4: IKEV2 HDR ispi: EED43FE10557C923 - rspi: 2406379883111336
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x1, length: 68
REAL Decrypted packet:Data: 8 bytes
IKEv2-PROTO-5: Parse Notify Payload: AUTHENTICATION_FAILED NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED
Decrypted packet:Data: 68 bytes
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000001 CurState: I_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-5: (36): Action: Action_Null
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000001 CurState: I_PROC_AUTH Event: EV_CHK4_NOTIFY
IKEv2-PROTO-2: (36): Process auth response notify
IKEv2-PROTO-1: (36):
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
IKEv2-PROTO-3: (36): Auth exchange failed
IKEv2-PROTO-1: (36): Auth exchange failed
IKEv2-PROTO-1: (36): Auth exchange failed
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
IKEv2-PROTO-5: (36): SM Trace-> SA: I_SPI=EED43FE10557C923 R_SPI=2406379883111336 (I) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
IKEv2-PROTO-3: (36): Abort exchange
IKEv2-PROTO-2: (36): Deleting SA
IKEv2-PROTO-5: Process delete IPSec API
IKEv2-PROTO-5: ipsec delete
------------------------------------------------------
R1 debug
------------------------------------------------------
IKEv2 internal debugging is on
r1#
May 6 07:07:42.071: IKEv2:Got a packet from dispatcher
May 6 07:07:42.083: IKEv2:Processing an item off the pak queue
May 6 07:07:42.091: IKEv2:New ikev2 sa request admitted
May 6 07:07:42.095: IKEv2:Incrementing incoming negotiating sa count by one
May 6 07:07:42.099: IKEv2:Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 454
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
r1# DH group: 5, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
May 6 07:07:42.111: IKEv2:Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
May 6 07:07:42.111: IKEv2:Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 59
May 6 07:07:42.111: IKEv2:Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
May 6 07:07:42.111: IKEv2:Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
May 6 07:07:42.111: IKEv2:Parse Vendor Specific Payload: FRAGMENTATION VID Next payload: NONE, reserved: 0x0, length: 20
May 6 07:07:42.111: IKEv2:(1): Received custom vendor id :
r1#CISCO(COPYRIGHT)
May 6 07:07:42.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
May 6 07:07:42.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
May 6 07:07:42.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
May 6 07:07:42.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
May 6 07:07:42.111: IKEv2:Adding Proposal IKEV2-PROPOSAL to toolkit policy
May 6 07:07:42.115: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
May 6 07:07:42.119: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R)
r1#MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
May 6 07:07:42.119: IKEv2:(SA ID = 1):Process NAT discovery notify
May 6 07:07:42.119: IKEv2:(SA ID = 1):Processing nat detect src notify
May 6 07:07:42.119: IKEv2:(SA ID = 1):Remote address matched
May 6 07:07:42.119: IKEv2:(SA ID = 1):Processing nat detect dst notify
May 6 07:07:42.119: IKEv2:(SA ID = 1):Local address matched
May 6 07:07:42.119: IKEv2:(SA ID = 1):No NAT found
May 6 07:07:42.119: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
May 6 07:07:42.119: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
May 6 07:07:42.119: IKEv2:(SA ID = 1):Setting configured policies
May 6 07:07:42.119: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_C
r1#HK_AUTH4PKI
May 6 07:07:42.123: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
May 6 07:07:42.123: IKEv2:(SA ID = 1):Opening a PKI session
May 6 07:07:42.123: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
May 6 07:07:42.123: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
May 6 07:07:42.127: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
May 6 07:07:42.127: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:42.127: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
May 6 07:07:42.231: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_S
r1#PI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
May 6 07:07:42.231: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
May 6 07:07:42.235: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:42.235: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
May 6 07:07:42.235: IKEv2:(SA ID = 1):Generate skeyid
May 6 07:07:42.235: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
May 6 07:07:42.235: IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch
May 6 07:07:42.235: IKEv2:No config data to send to toolkit:
May 6 07:07:42.235: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
May 6 07:07:42.239: IKEv2:Construct Vendor Specific Payload: DELETE-REASON
May 6 07:07:42.239: IK
r1#Ev2:(1): Sending custom vendor id : CISCO(COPYRIGHT)
May 6 07:07:42.239: IKEv2:Construct Vendor Specific Payload: (CUSTOM)
May 6 07:07:42.239: IKEv2:Construct Vendor Specific Payload: (CUSTOM)
May 6 07:07:42.239: IKEv2:Construct Notify Payload: NAT_DETECTION_SOURCE_IP
May 6 07:07:42.239: IKEv2:Construct Notify Payload: NAT_DETECTION_DESTINATION_IP
May 6 07:07:42.239: IKEv2:(SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE Message id: 0, length: 480
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
VID Next payload: VID, reserved: 0x0, length: 23
VID Next payload: VID, reserved: 0x0, length: 59
VID Next payload: NOTIFY, reserved: 0x0, length: 21
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
CERTREQ Next payload: NONE, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
May 6 07:07:42.251: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
May 6
r1# 07:07:42.259: IKEv2:(SA ID = 1):Cisco DeleteReason Notify is enabled
May 6 07:07:42.267: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
May 6 07:07:42.267: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
May 6 07:07:42.267: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
May 6 07:07:42.483: IKEv2:Got a packet from dispatcher
May 6 07:07:42.491: IKEv2:Processing an item off the pak queue
May 6 07:07:42.499: IKEv2:(SA ID = 1):Request has mess_id 1; expected 1 through 1
May 6 07:07:42.507: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
Payload contents:
May 6 07:07:42.511: IKEv2:Parse Vendor Specific Payload: (CUSTOM) VID Next payload: IDi, reserved: 0x0, length: 20
IDi Next payload: CERT, reserved: 0x0, length: 21
Id type: FQDN, Reserved: 0x0 0x0
CERT Next payload: CERTREQ, reserved: 0x0, length: 593
Cert encoding X.509 Certificate - signature
CERTREQ Next payl
r1#oad: AUTH, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
AUTH Next payload: SA, reserved: 0x0, length: 136
Auth method RSA, reserved: 0x0, reserved 0x0
SA Next payload: TSi, reserved: 0x0, length: 40
last proposal: 0x0, reserved: 0x0, length: 36
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
TSi Next payload: TSr, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 20.0.0.1, end addr: 20.0.0.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 11.11.11.11, end addr: 11.11.11.11
May 6 07:07:42.515: IKEv2:Parse Notify Payload: INITIAL_CONTACT NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
May 6 07:07:42.515: IKEv2:Parse Notify Payload: ESP_TFC_NO_SUPPORT NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
May 6 07:07:42.515: IKEv2:Parse Notify Payload: NON_FIRST_FRAGS NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
May 6 07:07:42.515: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH
May 6 07:07:42.515: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000
r1#001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T
May 6 07:07:42.515: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID
May 6 07:07:42.515: IKEv2:(SA ID = 1):Received valid parameteres in process id
May 6 07:07:42.519: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
May 6 07:07:42.519: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID
May 6 07:07:42.519: IKEv2:%Profile could not be found by peer certificate.
May 6 07:07:42.519: IKEv2:(1): Choosing IKE profile IKEV2-PROFILE
May 6 07:07:42.519: IKEv2:Adding Proposal IKEV2-PROPOSAL to toolkit policy
May 6 07:07:42.519: IKEv2:(SA ID = 1):Using IKEv2 profile 'IKEV2-PROFILE'
May 6 07:07:42.519: IKEv2:(SA I
r1#D = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_SET_POLICY
May 6 07:07:42.519: IKEv2:(SA ID = 1):Setting configured policies
May 6 07:07:42.523: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
May 6 07:07:42.531: IKEv2:Sending certificates as X509 certificates
May 6 07:07:42.535: IKEv2:(SA ID = 1):Matching certificate found
May 6 07:07:42.535: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_AUTH4EAP
May 6 07:07:42.539: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_POLREQEAP
May 6 07:07:42.539: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Eve
r1#nt: EV_CHK_AUTH_TYPE
May 6 07:07:42.539: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_CERT_ENC
May 6 07:07:42.539: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_VERIFY_X509_CERTS
May 6 07:07:42.539: IKEv2:Peer has sent X509 certificates
May 6 07:07:42.599: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT
May 6 07:07:42.627: IKEv2:(SA ID = 1):Failed to verify certificate.
May 6 07:07:42.631: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_FAIL_RECD_VERIFY_CERT
May 6 07:07:42.635: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:42.635: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (
r1#R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CERT_FAIL
May 6 07:07:42.635: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL
May 6 07:07:42.635: IKEv2:Construct Notify Payload: AUTHENTICATION_FAILED
Payload contents:
NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED
May 6 07:07:42.643: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 68
Payload contents:
ENCR Next payload: NOTIFY, reserved: 0x0, length: 40
May 6 07:07:42.651: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
May 6 07:07:42.651: IKEv2:(SA ID = 1):Auth exchange failed
May 6 07:07:42.655: IKEv2:(SA ID = 1):Auth exchange failed
May
r1# 6 07:07:42.655: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
May 6 07:07:42.655: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
May 6 07:07:42.655: IKEv2:Negotiating SA request deleted
May 6 07:07:42.655: IKEv2:Decrement count for incoming negotiating
May 6 07:07:42.659: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=6FFE51DF1E36E1F5 R_SPI=93E6DCFEC83ECA7E (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
May 6 07:07:44.083: IKEv2:Got a packet from dispatcher
May 6 07:07:44.095: IKEv2:Processing an item off the pak queue
May 6 07:07:44.103: IKEv2:New ikev2 sa request admitted
May 6 07:07:44.103: IKEv2:Incrementing incoming negotiating sa count by one
May 6 07:07:44.115: IKEv2:Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: Ir1#IATOR Message id: 0, length: 454
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
May 6 07:07:44.123: IKEv2:Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
May 6 07:07:44.123: IKEv2:Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 59
May 6 07:07:44.123: IKEv2:Parse Notify Payload: NAT_DETE
r1#CTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
May 6 07:07:44.123: IKEv2:Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
May 6 07:07:44.123: IKEv2:Parse Vendor Specific Payload: FRAGMENTATION VID Next payload: NONE, reserved: 0x0, length: 20
May 6 07:07:44.123: IKEv2:(1): Received custom vendor id : CISCO(COPYRIGHT)
May 6 07:07:44.123: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
May 6 07:07:44.123: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
May 6 07:07:44.123: IKEv2:(SA ID = 1):SM Trace-> SA: I_S
r1#PI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
May 6 07:07:44.123: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
May 6 07:07:44.127: IKEv2:Adding Proposal IKEV2-PROPOSAL to toolkit policy
May 6 07:07:44.127: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
May 6 07:07:44.127: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
May 6 07:07:44.127: IKEv2:(SA ID = 1):Process NAT discovery notify
May 6 07:07:44.127: IKEv2:(SA ID = 1):Processing nat detect src notify
May 6 07:07:44.127: IKEv2:(SA ID = 1):Remote address matched
May 6 07:07:44.127: IKEv2:(SA ID = 1):Processing nat detect dst notify
May 6 07:07:44.127: IKEv2:(SA ID = 1):Local address matched
r1#
May 6 07:07:44.127: IKEv2:(SA ID = 1):No NAT found
May 6 07:07:44.127: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
May 6 07:07:44.127: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
May 6 07:07:44.127: IKEv2:(SA ID = 1):Setting configured policies
May 6 07:07:44.127: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
May 6 07:07:44.131: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
May 6 07:07:44.131: IKEv2:(SA ID = 1):Opening a PKI session
May 6 07:07:44.131: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_
r1#GEN_DH_KEY
May 6 07:07:44.131: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
May 6 07:07:44.131: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
May 6 07:07:44.131: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:44.131: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
May 6 07:07:44.267: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
May 6 07:07:44.271: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
May 6 07:07:44.271: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:44.271: IKE
r1#v2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
May 6 07:07:44.271: IKEv2:(SA ID = 1):Generate skeyid
May 6 07:07:44.275: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
May 6 07:07:44.275: IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch
May 6 07:07:44.275: IKEv2:No config data to send to toolkit:
May 6 07:07:44.275: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
May 6 07:07:44.275: IKEv2:Construct Vendor Specific Payload: DELETE-REASON
May 6 07:07:44.275: IKEv2:(1): Sending custom vendor id : CISCO(COPYRIGHT)
May 6 07:07:44.275: IKEv2:Construct Vendor Specific Payload: (CUSTOM)
May 6 07:07:44.275: IKEv2:Construct Vendor Specific Payload: (CUSTOM)
May 6 07:07:44.279:
r1#IKEv2:Construct Notify Payload: NAT_DETECTION_SOURCE_IP
May 6 07:07:44.279: IKEv2:Construct Notify Payload: NAT_DETECTION_DESTINATION_IP
May 6 07:07:44.279: IKEv2:(SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE Message id: 0, length: 480
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
VID Next payload
r1#: VID, reserved: 0x0, length: 23
VID Next payload: VID, reserved: 0x0, length: 59
VID Next payload: NOTIFY, reserved: 0x0, length: 21
NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: CERTREQ, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
CERTREQ Next payload: NONE, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
May 6 07:07:44.299: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
May 6 07:07:44.299: IKEv2:(SA ID = 1):Cisco DeleteReason Notify is enabled
May 6 07:07:44.299: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
May 6 07:07:44.299: IKEv2:
r1#(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
May 6 07:07:44.299: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
May 6 07:07:44.511: IKEv2:Got a packet from dispatcher
May 6 07:07:44.519: IKEv2:Processing an item off the pak queue
May 6 07:07:44.527: IKEv2:(SA ID = 1):Request has mess_id 1; expected 1 through 1
May 6 07:07:44.535: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
Payload contents:
May 6 07:07:44.539: IKEv2:Parse Vendor Specific Payload: (CUSTOM) VID Next payload: IDi, reserved: 0x0, length: 20
IDi Next payload: CERT, reserved: 0x0, length: 21
Id type: FQDN, Reserved: 0x0 0x0
CERT Next payload: CERTREQ, reserved: 0x0, length: 593
Cert encoding X.509 Certificate - signature
CERTRE
r1#Q Next payload: AUTH, reserved: 0x0, length: 25
Cert encoding X.509 Certificate - signature
AUTH Next payload: SA, reserved: 0x0, length: 136
Auth method RSA, reserved: 0x0, reserved 0x0
SA Next payload: TSi, reserved: 0x0, length: 40
last proposal: 0x0, reserved: 0x0, length: 36
Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 5, reserved: 0x0, id: Don't use ESN
TSi Next payload: TSr, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 20.0.0.1, end addr: 20.0.0.1
TSr Next payload: NOTIFY, reserved: 0x0, length: 24
Num of TSs: 1, reserved 0x0, reserved 0x0
TS type: TS_IPV4_ADD
r1#R_RANGE, proto id: 0, length: 16
start port: 0, end port: 65535
start addr: 11.11.11.11, end addr: 11.11.11.11
May 6 07:07:44.547: IKEv2:Parse Notify Payload: INITIAL_CONTACT NOTIFY(INITIAL_CONTACT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
May 6 07:07:44.551: IKEv2:Parse Notify Payload: ESP_TFC_NO_SUPPORT NOTIFY(ESP_TFC_NO_SUPPORT) Next payload: NOTIFY, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
May 6 07:07:44.555: IKEv2:Parse Notify Payload: NON_FIRST_FRAGS NOTIFY(NON_FIRST_FRAGS) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS
May 6 07:07:44.555: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH
May 6 07:07:44.555: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=
r1#C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T
May 6 07:07:44.555: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID
May 6 07:07:44.555: IKEv2:(SA ID = 1):Received valid parameteres in process id
May 6 07:07:44.559: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
May 6 07:07:44.559: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID
May 6 07:07:44.559: IKEv2:%Profile could not be found by peer certificate.
May 6 07:07:44.559: IKEv2:(1): Choosing IKE profile IKEV2-PROFILE
May 6 07:07:44.563: IKEv2:Adding Proposal IKEV2-PROPOSAL to toolkit policy
May 6 07:07:44.563: IKEv2:(SA ID = 1):Using IKEv2 profile 'IKEV2-PROFILE'
r1#
May 6 07:07:44.563: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_SET_POLICY
May 6 07:07:44.563: IKEv2:(SA ID = 1):Setting configured policies
May 6 07:07:44.563: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
May 6 07:07:44.575: IKEv2:Sending certificates as X509 certificates
May 6 07:07:44.575: IKEv2:(SA ID = 1):Matching certificate found
May 6 07:07:44.575: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_AUTH4EAP
May 6 07:07:44.575: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_POLREQEAP
May 6 07:07:44.575: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00
r1#000001 CurState: R_VERIFY_AUTH Event: EV_CHK_AUTH_TYPE
May 6 07:07:44.579: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_CERT_ENC
May 6 07:07:44.579: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_VERIFY_X509_CERTS
May 6 07:07:44.579: IKEv2:Peer has sent X509 certificates
May 6 07:07:44.623: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT
May 6 07:07:44.647: IKEv2:(SA ID = 1):Failed to verify certificate.
May 6 07:07:44.647: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_FAIL_RECD_VERIFY_CERT
May 6 07:07:44.647: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:44.647: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F
r1#6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CERT_FAIL
May 6 07:07:44.647: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_AUTH_FAIL
May 6 07:07:44.651: IKEv2:Construct Notify Payload: AUTHENTICATION_FAILED
Payload contents:
NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Security protocol id: IKE, spi size: 0, type: AUTHENTICATION_FAILED
May 6 07:07:44.659: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 68
Payload contents:
ENCR Next payload: NOTIFY, reserved: 0x0, length: 40
May 6 07:07:44.671: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_FAIL
May 6 07:07:44.671: IKEv2:(SA ID = 1):Auth exchange failed
May 6 07:07:44.671: IKEv2:(SA
r1#ID = 1):Auth exchange failed
May 6 07:07:44.683: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: EXIT Event: EV_ABORT
May 6 07:07:44.687: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
May 6 07:07:44.687: IKEv2:Negotiating SA request deleted
May 6 07:07:44.687: IKEv2:Decrement count for incoming negotiating
May 6 07:07:44.687: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=411109F6A0647C2B R_SPI=C38011EE2A359A0C (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
May 6 07:07:46.071: IKEv2:Got a packet from dispatcher
May 6 07:07:46.083: IKEv2:Processing an item off the pak queue
May 6 07:07:46.087: IKEv2:New ikev2 sa request admitted
May 6 07:07:46.091: IKEv2:Incrementing incoming negotiating sa count by one
May 6 07:07:46.099: IKEv2:Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INIT
r1#IATOR Message id: 0, length: 454
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
May 6 07:07:46.107: IKEv2:Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
May 6 07:07:46.107: IKEv2:Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 59
May 6 07:07:46.107: IKE
r1#v2:Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
May 6 07:07:46.107: IKEv2:Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: VID, reserved: 0x0, length: 28
Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
May 6 07:07:46.107: IKEv2:Parse Vendor Specific Payload: FRAGMENTATION VID Next payload: NONE, reserved: 0x0, length: 20
May 6 07:07:46.107: IKEv2:(1): Received custom vendor id : CISCO(COPYRIGHT)
May 6 07:07:46.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
May 6 07:07:46.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
May 6 07:07:46.111: IKE
r1#v2:(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
May 6 07:07:46.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
May 6 07:07:46.111: IKEv2:Adding Proposal IKEV2-PROPOSAL to toolkit policy
May 6 07:07:46.111: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
May 6 07:07:46.115: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
May 6 07:07:46.115: IKEv2:(SA ID = 1):Process NAT discovery notify
May 6 07:07:46.115: IKEv2:(SA ID = 1):Processing nat detect src notify
May 6 07:07:46.115: IKEv2:(SA ID = 1):Remote address matched
May 6 07:07:46.115: IKEv2:(SA ID = 1):Processing nat detect dst notify
May 6 07:07:46.115: IKEv2:
r1#(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
May 6 07:07:46.287: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
May 6 07:07:46.499: IKEv2:Got a packet from dispatcher
May 6 07:07:46.507: IKEv2:Processing an item off the pak queue
May 6 07:07:46.515: IKEv2:(SA ID = 1):Request has mess_id 1; expected 1 through 1
May 6 07:07:46.523: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
Payload contents:
May 6 07:07:46.535: IKEv2:SM Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
May 6 07:07:46.699: IKEv2:Negotiating SA request deleted
May 6 07:07:46.699: IKEv2:Decrement count for incoming negotiating
May 6 07:07:46.703: IKEv2:(SA ID = 1):SM
r1#Trace-> SA: I_SPI=212872094C17F04F R_SPI=993CFA0128142583 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
May 6 07:07:48.083: IKEv2:Got a packet from dispatcher
May 6 07:07:48.095: IKEv2:Processing an item off the pak queue
May 6 07:07:48.099: IKEv2:New ikev2 sa request admitted
May 6 07:07:48.103: IKEv2:Incrementing incoming negotiating sa count by one
May 6 07:07:48.111: IKEv2:Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 454
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0, reserved: 0x0: le
r1#ngth: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
May 6 07:07:48.115: IKEv2:Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
May 6 07:07:48.115: IKEv2:Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 59
SM Trace-> SA: I_SPI=437C795C66276FB5 R_SPI=D42EF9E24AF9B8D5 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
May 6 07:07:48.295: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=437C795C66276FB5 R_SPI=D42EF9E24AF9B8D5 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
May 6 07:07:48.523: IKEv2:Got a packet from dispatcher
May 6 07:07:48.527: IKEv2:Processing an item off the pak queue
May 6 07:07:48.531: IKEv2:(SA ID = 1):Request has mess_id 1; expected 1 through 1
May 6 07:07:48.535: IKEv2:(SA ID = 1):Next p
r1#ayload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
Payload contents:
May 6 07:07:48.539: IKEv2:
May 6 07:07:48.579: IKEv2:Peer has sent X509 certificates
May 6 07:07:48.639: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=437C795C66276FB5 R_SPI=D42EF9E24AF9B8D5 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_EVENT
May 6 07:07:48.659: IKEv2:(SA ID = 1):Failed to verify certificate.
May 6 07:07:48.663: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=437C795C66276FB5 R_SPI=D42EF9E24AF9B8D5 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_FAIL_RECD_VERIFY_CERT
May 6 07:07:48.663: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:48.663: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=437C795C66276FB5 R_SPI=D42EF9E24AF9B8D5 (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
May 6 07:07:48.707: IKEv2:Negotiating SA request deleted
May 6 07:07:48.707: IKEv2:Decrement count for incoming negotiating
May 6 07:07:48.707: IKE
r1#v2:(SA ID = 1):SM Trace-> SA: I_SPI=437C795C66276FB5 R_SPI=D42EF9E24AF9B8D5 (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
May 6 07:07:50.103: IKEv2:Got a packet from dispatcher
May 6 07:07:50.111: IKEv2:Processing an item off the pak queue
May 6 07:07:50.111: IKEv2:New ikev2 sa request admitted
May 6 07:07:50.115: IKEv2:Incrementing incoming negotiating sa count by one
May 6 07:07:50.115: IKEv2:Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 454
Payload contents:
SA Next payload: KE, reserved: 0x0, length: 44
last proposal: 0x0, reserved: 0x0, length: 40
Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 8
type: 1, reserved: 0x0, id: 3DES
last transform: 0x3, reserved: 0x0: length: 8
type: 2, reserved: 0x0, id: MD5
last transform: 0x3, reserved: 0x0: length: 8
type: 3, reserved: 0x0, id: MD596
last transform: 0x0,
r1# reserved: 0x0: length: 8
type: 4, reserved: 0x0, id: DH_GROUP_1536_MODP/Group 5
KE Next payload: N, reserved: 0x0, length: 200
DH group: 5, Reserved: 0x0
N Next payload: VID, reserved: 0x0, length: 24
May 6 07:07:50.119: IKEv2:Parse Vendor Specific Payload: CISCO-DELETE-REASON VID Next payload: VID, reserved: 0x0, length: 23
May 6 07:07:50.119: IKEv2:Parse Vendor Specific Payload: (CUSTOM) VID Next payload: NOTIFY, reserved: 0x0, length: 59
SM Trace-> SA: I_SPI=7115CB17329971FF R_SPI=C48B3E8D272390EF (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
May 6 07:07:50.143: IKEv2:(SA ID = 1):Action: Action_Null
May 6 07:07:50.143: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=7115CB17329971FF R_SPI=C48B3E8D272390EF (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
May 6 07:07:50.271: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=7115CB17329971FF R_SPI=C48B3E8D272390EF (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
r1#May 6 07:07:50.271: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=7115CB17329971FF R_SPI=C48B3E8D272390EF (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
May 6 07:07:50.311: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=7115CB17329971FF R_SPI=C48B3E8D272390EF (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
May 6 07:07:50.539: IKEv2:Got a packet from dispatcher
May 6 07:07:50.543: IKEv2:Processing an item off the pak queue
May 6 07:07:50.547: IKEv2:(SA ID = 1):Request has mess_id 1; expected 1 through 1
May 6 07:07:50.555: IKEv2:(SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
Payload contents:
May 6 07:07:50.563: IKEv2:SM Trace-> SA: I_SPI=7115CB17329971FF R_SPI=C48B3E8D272390EF (R) MsgID = 00000001 CurState: EXIT Event: EV_CHK_PENDING_ABORT
May 6 07:07:50.691: IKEv2:Negotiating SA request deleted
May 6 07:07:50.691: IKEv2:Decrement count for incoming negotiating
May 6 07:07:50
r1#.691: IKEv2:(SA ID = 1):SM Trace-> SA: I_SPI=7115CB17329971FF R_SPI=C48B3E8D272390EF (R) MsgID = 00000001 CurState: EXIT Event: EV_UPDATE_CAC_STATS
May 6 07:07:52.379: IKEv2:Got a packet from dispatcher
May 6 07:07:52.387: IKEv2:Processing an item off the pak queue
May 6 07:07:52.415: IKEv2:Couldn't find matching SA
May 6 07:07:52.419: IKEv2:Detected an invalid IKE SPI
May 6 07:07:52.419: IKEv2:Couldn't find matching SA
May 6 07:07:52.419: IKEv2:(SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
May 6 07:07:52.423: IKEv2:A supplied parameter is incorrect
May 6 07:07:52.423: IKEv2:
May 6 07:07:56.307: IKEv2:Got a packet from dispatcher
May 6 07:07:56.315: IKEv2:Processing an item off the pak queue
May 6 07:07:56.343: IKEv2:Couldn't find matching SA
May 6 07:07:56.347: IKEv2:Detected an invalid IKE SPI
May 6 07:07:56.347: IKEv2:Couldn't find matching SA
May 6 07:07:56.347: IKEv2:(SA
r1#ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
May 6 07:07:56.347: IKEv2:A supplied parameter is incorrect
May 6 07:07:56.347: IKEv2:
May 6 07:08:04.302: IKEv2:Got a packet from dispatcher
May 6 07:08:04.314: IKEv2:Processing an item off the pak queue
May 6 07:08:04.330: IKEv2:Couldn't find matching SA
May 6 07:08:04.330: IKEv2:Detected an invalid IKE SPI
May 6 07:08:04.330: IKEv2:Couldn't find matching SA
May 6 07:08:04.334: IKEv2:(SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
May 6 07:08:04.334: IKEv2:A supplied parameter is incorrect
May 6 07:08:04.334: IKEv2:
May 6 07:08:19.210: IKEv2:Got a packet from dispatcher
May 6 07:08:19.222: IKEv2:Processing an item off the pak queue
May 6 07:08:19.254: IKEv2:Couldn't find matching SA
May 6 07:08:19.258: IKEv2:Detected an invalid IKE SPI
May 6 07:08:19.258: IKEv2:Cou
r1#ldn't find matching SA
May 6 07:08:19.262: IKEv2:(SA ID = 0):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 964
May 6 07:08:19.262: IKEv2:A supplied parameter is incorrect
May 6 07:08:19.262: IKEv2:
r1#
------------------------------------------------------
How much has changed from the 640-863 to the 640-864 ? I have access to the Design Exam video's but wonder if all are still relevant as the title references the 640-863 or has something else added.
Thanks
Chris
Hi ALL,
INE has started rack rentals for practicing v5 workbooks/labs. I have not tried it yet but its a bit cheaper than for v4 :)
3 Tokens/Hour
I initially thought it would be more cheaper due to virtualization in v5.
Thanks
Hello to all.
Are there certain versions of IOS that does / does not need the clearing of the OSPF process for the hard coded RID to take effect? I have not yet tested this on real gear and I'm using GNS3 at the moment. I had a discussion about this in another forum but we have not concluded anything yet.
Below are my outputs from GNS3.
R1(config-router)#do sh ip prot
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.1.1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#do sh ip prot
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.1.1
R1(config-router)#do sh ver | i IOS
Cisco IOS Software, 2600 Software (C2691-ADVENTERPRISEK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)
The following are the results tested by another member I was having the discussion with. He was using real gear.
router#sh ip proto
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 11.11.11.11
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
0.0.0.0 255.255.255.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 110)
router(config-router)#router-id 5.5.5.5
router(config-router)#do sh ip proto
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 5.5.5.5
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
0.0.0.0 255.255.255.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 110)
router(config-router)#do sh ver | in IOS
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
I'm currently searching for official documentation about not needing to clear the process upon hard coding the RID but couldn't find one. Thanks in advance.
I am about to set up a ccna lab. I bought a 2611xm router. Yet i will buy 1841 and 3550. I would like to know a laptop model to buy so that i can see the cisco ios. I am complete novice in this so i need help.
When does BGP decide to route via Oldest Path VS Lowest Router ID? Here I have a case where BGP selects oldest path and another lowest router ID:
R3(config-if)#!right now, 1.2.3.4/32 is learned via 155.1.13.1
R3(config-if)#!but is it because of its lower router ID
R3(config-if)#!when compared with SW3's?
R3(config-if)#do sh ip bgp 1.2.3.4
BGP routing table entry for 1.2.3.4/32, version 91
Paths: (3 available, best #2, table default)
Advertised to update-groups:
1 2 3
Refresh Epoch 1
300
155.1.37.7 from 155.1.37.7 (150.1.7.7)
Origin IGP, localpref 100, valid, external
Refresh Epoch 1
100
155.1.13.1 from 155.1.13.1 (150.1.1.1)
Origin IGP, localpref 100, valid, external, best
Refresh Epoch 26
100
155.1.45.4 (metric 27309056) from 155.1.0.5 (150.1.5.5)
Origin IGP, metric 0, localpref 100, valid, internal
R3(config-if)#!let's shut down the interface that connects me to R1
R3(config-if)#int s1/2
R3(config-if)#shut
R3(config-if)#
*Apr 16 05:11:20.979: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 155.1.13.1 (Serial1/2) is down: interface down
*Apr 16 05:11:20.980: %BGP-5-ADJCHANGE: neighbor 155.1.13.1 Down Interface flap
*Apr 16 05:11:20.980: %BGP_SESSION-5-ADJCHANGE: neighbor 155.1.13.1 IPv4 Unicast topology base removed from session Interface flap
R3(config-if)#
*Apr 16 05:11:22.976: %LINK-5-CHANGED: Interface Serial1/2, changed state to administratively down
*Apr 16 05:11:23.981: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to down
R3(config-if)#!Now we route through SW3 via 155.1.37.7
R3(config-if)#do sh ip bgp 1.2.3.4
BGP routing table entry for 1.2.3.4/32, version 111
Paths: (2 available, best #1, table default)
Advertised to update-groups:
1 3
Refresh Epoch 1
300
155.1.37.7 from 155.1.37.7 (150.1.7.7)
Origin IGP, localpref 100, valid, external, best
Refresh Epoch 26
100
155.1.45.4 (metric 27309056) from 155.1.0.5 (150.1.5.5)
Origin IGP, metric 0, localpref 100, valid, internal
R3(config-if)#!let's bring the interface to R1 back up
R3(config-if)#no shut
R3(config-if)#
*Apr 16 05:12:08.280: %LINK-3-UPDOWN: Interface Serial1/2, changed state to up
*Apr 16 05:12:09.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/2, changed state to up
R3(config-if)#!L
*Apr 16 05:12:15.860: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 155.1.13.1 (Serial1/2) is up: new adjacency
R3(config-if)#!Let'
*Apr 16 05:12:17.177: %BGP-5-ADJCHANGE: neighbor 155.1.13.1 Up
R3(config-if)#!Let's see now who we route through to get to 1.2.3.4/32
R3(config-if)#do sh ip bgp 1.2.3.4
BGP routing table entry for 1.2.3.4/32, version 111
Paths: (3 available, best #1, table default)
Advertised to update-groups:
1 2 3
Refresh Epoch 1
300
155.1.37.7 from 155.1.37.7 (150.1.7.7)
Origin IGP, localpref 100, valid, external, best
Refresh Epoch 1
100
155.1.13.1 from 155.1.13.1 (150.1.1.1)
Origin IGP, localpref 100, valid, external
Refresh Epoch 26
100
155.1.45.4 (metric 27309056) from 155.1.0.5 (150.1.5.5)
Origin IGP, metric 0, localpref 100, valid, internal
R3(config-if)#!We still route through SW3 even though it has a
R3(config-if)#!higher router ID. This confirms BGP is using
R3(config-if)#!oldest route criteria to select best path
R1(config-route-map)#!R1 currently routes through R4 to reach 114.0.0.0/8
R1(config-route-map)#!but is this due to its lower router ID when
R1(config-route-map)#!compared to R6's?
R1(config-route-map)#do sh ip bgp 114.0.0.0
BGP routing table entry for 114.0.0.0/8, version 63
Paths: (2 available, best #1, table default)
Advertised to update-groups:
1 9
Refresh Epoch 24
54, (Received from a RR-client)
204.12.1.254 (metric 2560025856) from 155.1.146.4 (150.1.4.4)
Origin IGP, metric 0, localpref 100, valid, internal, best
Refresh Epoch 21
54, (Received from a RR-client)
54.1.1.254 (metric 2560025856) from 155.1.146.6 (150.1.6.6)
Origin IGP, metric 0, localpref 100, valid, internal
R1(config-route-map)#!since both MED and IGP metric are the same
R1(config-route-map)#!via both paths, the next criteria to look
R1(config-route-map)#!at would be oldest route or lower router ID
R1(config-route-map)#!but which one is it using to select the
R1(config-route-map)#!best path? Let's find out by shutting
R1(config-route-map)#!down R4 as a BGP neighbor
R1(config-route-map)#router bgp 100
R1(config-router)#neigh 155.1.146.4 shut
R1(config-router)#
*Apr 16 05:22:40.716: %BGP-5-ADJCHANGE: neighbor 155.1.146.4 Down Admin. shutdown
*Apr 16 05:22:40.716: %BGP_SESSION-5-ADJCHANGE: neighbor 155.1.146.4 IPv4 Unicast topology base removed from session Admin. shutdown
R1(config-router)#!Now we route via R6 to 114.0.0.0/8
R1(config-router)#do sh ip bgp 114.0.0.0
BGP routing table entry for 114.0.0.0/8, version 85
Paths: (1 available, best #1, table default)
Advertised to update-groups:
9
Refresh Epoch 21
54, (Received from a RR-client)
54.1.1.254 (metric 2560025856) from 155.1.146.6 (150.1.6.6)
Origin IGP, metric 0, localpref 100, valid, internal, best
R1(config-router)#!let's bring R4 back up and see how we route
R1(config-router)#!to 114.0.0.0/8
R1(config-router)#no neigh 155.1.146.4 shut
R1(config-router)#
*Apr 16 05:24:11.501: %BGP-5-ADJCHANGE: neighbor 155.1.146.4 Up
R1(config-router)#do sh ip bgp 114.0.0.0
BGP routing table entry for 114.0.0.0/8, version 100
Paths: (2 available, best #1, table default)
Advertised to update-groups:
1 9
Refresh Epoch 1
54, (Received from a RR-client)
204.12.1.254 (metric 2560025856) from 155.1.146.4 (150.1.4.4)
Origin IGP, metric 0, localpref 100, valid, internal, best
Refresh Epoch 21
54, (Received from a RR-client)
54.1.1.254 (metric 2560025856) from 155.1.146.6 (150.1.6.6)
Origin IGP, metric 0, localpref 100, valid, internal
R1(config-router)#!we are routing back through R4 despite being
R1(config-router)#!the newest route. This proves BGP is using
R1(config-router)#!lowest router ID to select best path
I encountered twice UCS hardware failures during yesterday and today. I can not access UCS from rack's server. It seemed that is no any ucs at the rack. I even can not reply INE's email, each time I got a failure reply email. Connaction by email is so inefficient.
Could INE use any IM software? such as skype, google talk.
What is the 'proper' configuration for MDS interfaces facing the UCS? The INE guide instructs us on how to enable VSAN trunking on an FI, which results in the following config change:
UCS-Lab-A(nxos)# sh run int fc1/31
interface fc1/31
switchport mode NP
switchport trunk mode on
no shutdown
I am just wondering...what is the default tunneling mode in MPLS VPN or do we have to manually configure each mode?
nt
Hi,
I doing this lab, and I dont have anyting on any of my devices when doing a "show ip pim rp map".
I been through the configuration a couple of times, and cant see that I miss anything.
I found a thread that says the scope should be 3 and not 2, but even if I set it to 10 I dont get anything.
How do I troubleshoot on this?
I have tried to clear rp mappings and mroute table with no luck.
I do have entires in "show ip mroute"
In full scale lab 1 section 1.10 OTV.
why they are using ip igmp version 3 in N3k and N4k on the interface e1/10 and interface port-channel 10 respectively.
we already have configured ip igmp version 3 on Join interfaces in N1K and N2K on the OTV edge device.