Channel: IEOC - INE's Online Community

iPX facebook post - INE, is it true???

IPX has just released a post on their Facebook page about INE. Interesting...

Has anyone heard the same thing that we're hearing? Supposedly INE / Internetwork Expert is getting partially acquired, and will no longer have their AAP or self-study materials. Supposedly, Mark Snow quit in December due to lack of payments to him, and now "the Brians" have fallen out, and they've supposedly given up on Collaboration, Security and SP ILT, and I assume CCDE too. I've heard a rumor that Brian McGahan is done teaching April 1st, and the entire CCIE community knows that Brian Dennis hasn't lifted a finger within the company in almost 2 years. Does anyone know about this, because if it's true - we will be offering an ABSOLUTELY AMAZING transition program from INE to . Gary Eimerman do you know anything about this? Very crazy news, I don't know what to think about it.


IKEv2 S2S VPN between ASA and Router

Dears,
I am configuring an IKEv2 site-to-site VPN between an ASA and a router. Sometimes the tunnel comes up and sometimes it does not. I am choosing random encryption/integrity protocols and setting prf on the ASA the same as the integrity algorithm.

Are there any limitations on some algorithms?

Here is an example of a non-working config. Please advise if I missed anything:
Tunnel IPs:
ASA: 192.168.1.11
Router: 192.168.2.1

interesting traffic:
ASA: 192.168.11.0/24
R1: 150.1.1.0/24

ASA config:
access-list 101 extended permit ip 192.168.11.0 255.255.255.0 150.1.1.0 255.255.255.0
crypto ipsec ikev2 ipsec-proposal ikeprop
 protocol esp encryption aes
 protocol esp integrity sha-1
crypto map mymap 10 match address 101
crypto map mymap 10 set peer 192.168.2.1
crypto map mymap 10 set ikev2 ipsec-proposal ikeprop
crypto map mymap interface outside
crypto ikev2 policy 10
 encryption aes
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
crypto ikev2 enable outside
tunnel-group 192.168.2.1 type ipsec-l2l
tunnel-group 192.168.2.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key cisco
 ikev2 local-authentication pre-shared-key cisco

Router config:
access-list 101 permit ip 150.1.1.0 0.0.0.255 192.168.11.0 0.0.0.255
crypto ikev2 proposal ikeprop
 encryption aes-cbc-128
 integrity sha1
 group 5
crypto ikev2 keyring ASA
 peer 192.168.1.11
  address 192.168.1.11
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !
crypto ikev2 profile ikeprof
 match identity remote address 192.168.1.11 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local ASA
crypto ipsec transform-set myset esp-aes esp-sha-hmac
 mode tunnel
crypto map mymap 10 ipsec-isakmp
 set peer 192.168.1.11
 set transform-set myset
 set ikev2-profile ikeprof
 match address 101
int g0/0
 crypto map mymap
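
A consistency check for the two configurations quoted in the post above, added here as an example and not part of the original post. It normalizes the ASA and IOS keyword spellings, compares the IKEv2 and ESP parameters, checks that the crypto ACLs mirror each other, and checks that the IOS proposal is referenced by a policy. The keyword map covers only algorithms that appear on this page, and treating a missing IOS `prf` line as equal to `integrity` is an assumption.

```python
import ipaddress
import re

# Crypto-relevant lines copied from the two configurations in the post.
ASA_CFG = """\
access-list 101 extended permit ip 192.168.11.0 255.255.255.0 150.1.1.0 255.255.255.0
crypto ipsec ikev2 ipsec-proposal ikeprop
 protocol esp encryption aes
 protocol esp integrity sha-1
crypto ikev2 policy 10
 encryption aes
 integrity sha
 group 5
 prf sha
 lifetime seconds 86400
"""

IOS_CFG = """\
access-list 101 permit ip 150.1.1.0 0.0.0.255 192.168.11.0 0.0.0.255
crypto ikev2 proposal ikeprop
 encryption aes-cbc-128
 integrity sha1
 group 5
crypto ipsec transform-set myset esp-aes esp-sha-hmac
 mode tunnel
"""

# ASA and IOS spell the same algorithm differently. This map covers only the
# keywords that appear on this page, not the full platform keyword set.
CANON = {
    "aes": "aes-128", "aes-cbc-128": "aes-128", "esp-aes": "aes-128",
    "sha": "sha1", "sha-1": "sha1", "sha1": "sha1", "esp-sha-hmac": "sha1",
    "sha256": "sha256",
}


def canon(word):
    return CANON.get(word, word)


def block(cfg, header):
    """Token lists of the lines indented under the first line starting with header."""
    lines = cfg.splitlines()
    for i, line in enumerate(lines):
        if line.startswith(header):
            body = []
            for sub in lines[i + 1:]:
                if not sub.startswith(" "):
                    break
                body.append(sub.split())
            return body
    return []


def ike_params(cfg, header):
    """IKEv2 transforms from 'keyword value' lines (single-transform lines only)."""
    params = {t[0]: canon(t[1]) for t in block(cfg, header) if len(t) == 2}
    # Assumption: with no explicit prf line, the integrity algorithm doubles
    # as the PRF (the post sets prf equal to integrity on the ASA).
    params.setdefault("prf", params.get("integrity"))
    return params


def esp_params(asa_cfg, ios_cfg):
    asa = {t[2]: canon(t[3])
           for t in block(asa_cfg, "crypto ipsec ikev2 ipsec-proposal")
           if t[:2] == ["protocol", "esp"] and len(t) == 4}
    m = re.search(r"^crypto ipsec transform-set \S+ (\S+) (\S+)", ios_cfg, re.M)
    ios = {"encryption": canon(m.group(1)), "integrity": canon(m.group(2))} if m else {}
    return asa, ios


def acl_nets(cfg):
    """(source, destination) networks of the first 'permit ip' ACL entry.
    ipaddress accepts both netmasks (ASA) and wildcard masks (IOS)."""
    m = re.search(r"permit ip (\S+) (\S+) (\S+) (\S+)", cfg)
    src = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
    dst = ipaddress.ip_network(f"{m.group(3)}/{m.group(4)}")
    return src, dst


def audit(asa_cfg, ios_cfg):
    """Return a list of human-readable findings; an empty list means consistent."""
    findings = []
    asa_ike = ike_params(asa_cfg, "crypto ikev2 policy")
    ios_ike = ike_params(ios_cfg, "crypto ikev2 proposal")
    for key in ("encryption", "integrity", "prf", "group"):
        if asa_ike.get(key) != ios_ike.get(key):
            findings.append(f"IKE {key}: ASA={asa_ike.get(key)} IOS={ios_ike.get(key)}")
    asa_esp, ios_esp = esp_params(asa_cfg, ios_cfg)
    for key in ("encryption", "integrity"):
        if asa_esp.get(key) != ios_esp.get(key):
            findings.append(f"ESP {key}: ASA={asa_esp.get(key)} IOS={ios_esp.get(key)}")
    a_src, a_dst = acl_nets(asa_cfg)
    i_src, i_dst = acl_nets(ios_cfg)
    if (a_src, a_dst) != (i_dst, i_src):
        findings.append("crypto ACLs are not mirror images of each other")
    # IOS negotiates only proposals attached to an IKEv2 policy; an unattached
    # proposal is ignored and the platform's default proposal is used instead.
    for name in re.findall(r"^crypto ikev2 proposal (\S+)", ios_cfg, re.M):
        if not re.search(rf"^ proposal {re.escape(name)}\s*$", ios_cfg, re.M):
            findings.append(f"IOS proposal {name} is not attached to a crypto ikev2 policy")
    return findings


if __name__ == "__main__":
    for finding in audit(ASA_CFG, IOS_CFG):
        print(finding)
```
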

MAB using ACS

Hi,

I see I don't have any luck with the Identity Management section


I do 'MAB using ACS' and from SW1 I can't see R3 (rack #9):

SW1#sh int statu

Port      Name               Status       Vlan       Duplex  Speed Type
Fa1/0/1                      connected    19         a-full  a-100 10/100BaseTX
Fa1/0/2                      connected    29         a-full  a-100 10/100BaseTX
Fa1/0/3                      notconnect   37         a-full  a-100 10/100BaseTX


SW1#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
SW2.ine.com      Fas 1/0/20        159              S I   WS-C3750- Fas 1/0/20
SEP0003E363068E  Fas 1/0/5         160               H    IP Phone  Port 1
R1.ine.com       Fas 1/0/1         178             R S I  CISCO2911 Gig 0/0
R2.ine.com       Fas 1/0/2         159             R S I  CISCO2911 Gig 0/0
SW1#




R3#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            136.1.37.3      YES manual up                    up     
FastEthernet0/1            unassigned      YES manual administratively down down   
Loopback0                  150.1.3.3       YES manual up                    up     
R3#sh cdp ne
R3#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R3#


regards
Hubert

OSPF E2 and N2 routes

Hi guys!

It seems the OSPF story does not have any end! I have this topology in hand:

As you see, OSPF is activated on the routers and we have 2 areas, area 0 and area 1. Area 1 is set to be an NSSA area, because I have two loopback interfaces on R6 that are redistributed into OSPF. Also, you can see that routers R3 and R4 are interconnected by 2 sub-interfaces, of which Fa0/0.1234 on both of them is placed in area 0 and Fa0/0.3456 is put into area 1.

Now the routing table on R5, as an internal router in the NSSA area, has two "N2" routes:

R5(config-router)#do sh ip route  ospf
O N2    6.6.6.2 [110/20] via 100.1.56.6, 00:26:02, FastEthernet0/0
O N2    6.6.6.1 [110/20] via 100.1.56.6, 00:26:27, FastEthernet0/0

Let's take a look at the routing table on the ABR routers, R3 and R4:

R3(config-router)#do sh ip route  ospf
O E2    6.6.6.2 [110/20] via 100.1.35.5, 00:26:53, FastEthernet0/1
O E2    6.6.6.1 [110/20] via 100.1.35.5, 00:27:17, FastEthernet0/1
----------------------------------------------------------------------
R4(config-if)#do sh ip route  ospf
O N2    6.6.6.2 [110/20] via 100.1.156.3, 00:13:20, FastEthernet0/0.3456
O N2    6.6.6.1 [110/20] via 100.1.156.3, 00:13:20, FastEthernet0/0.3456

As far as I know, Cisco routers prefer E2 over N2 routes, but in this case R3 and R4 receive both N2 and E2 routes. But why does R4 prefer N2 and R3 prefer E2? I tested the DB and both of them have N2 routes inside their OSPF DB. Besides, I tested it on both IPv4 and IPv6, and the IOS that I'm using is (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T7.

R3(config-router)#do sh ip ospf data
                Type-7 AS External Link States (Area 1)

Link ID         ADV Router      Age         Seq#       Checksum Tag
6.6.6.1         6.6.6.1         1045        0x80000001 0x006567 0
6.6.6.2         6.6.6.1         1015        0x80000001 0x005B70 0

Details of the NSSA routes on R3 show that "Routing Bit Set on this LSA" is missing on the NSSA route on R3. But why?!

R3(config-router)#do sh ip ospf data nssa 6.6.6.1
            OSPF Router with ID (3.3.3.1) (Process ID 1)

                Type-7 AS External Link States (Area 1)

  LS age: 455
  Options: (No TOS-capability, Type 7/5 translation, DC)
  LS Type: AS External Link
  Link State ID: 6.6.6.1 (External Network Number )
  Advertising Router: 6.6.6.1
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        Metric: 20
        Forward Address: 100.1.56.6

R3(config-router)#do sh ip ospf data ex 6.6.6.1
            OSPF Router with ID (3.3.3.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 636

Multicast Helper Map (CSR1000v)

Hello guys,

I've been trying to figure this out for about an hour now. The configuration is exactly the same as in the solution and the result is that the multicast stream (dns) is indeed forwarded to R8, but R8 doesn't transform it to broadcast, it just sends it as a multicast on vlan 108 and R10 builds (S,G) for it, then R10 sends (S,G) prune for it and R8 actually prunes gi1.58 off (exactly like in the workbook solution):

(155.1.146.6, 239.1.1.100), 00:04:08/00:01:51, flags: PLTX
  Incoming interface: GigabitEthernet1.58, RPF nbr 155.1.58.5
  Outgoing interface list:
    GigabitEthernet1.108, Prune/Dense, 00:02:45/00:00:14

It just doesn't do the mcast->bcast transformation :(.

I'm using csr1000v 15.5(1)S. I've done the same lab using 3725s in GNS3 and it works there flawlessly.

Enabling usual debugging on R8 (no ip mfib cef in/out, debug ip packet detailed, debug ip mfib ps and debug ip mfib pak for 239.1.1.100) yielded:

FIBipv4-packet-proc: route packet from GigabitEthernet1.58 src 155.1.146.100 dst 239.1.1.100
FIBfwd-proc: Default:224.0.0.0/4 multicast entry
FIBipv4-packet-proc: packet routing failed

Does anybody have any idea why this happens on csr1000v but works on 3725?

 

The config is quite simple (copy&paste of the solution basically):

GNS R4:
ip multicast-routing
ip forward-protocol udp 5000

interface FastEthernet0/0.146
 ip multicast helper-map broadcast 239.1.1.100 HELPER ttl 10

ip access-list extended HELPER
 permit udp any any eq domain
 permit udp any any eq 5000

GNS R8:
ip multicast-routing
ip forward-protocol udp 5000

interface FastEthernet0/0.58
 ip multicast helper-map 239.1.1.100 155.1.108.255 HELPER

interface FastEthernet0/0.108
 ip broadcast-address 155.1.108.255
 ip directed-broadcast

CSR1000v R4:
ip multicast-routing distributed
ip forward-protocol udp 5000

interface GigabitEthernet1.146
 encapsulation dot1Q 146
 ip address 155.1.146.4 255.255.255.0
 ip pim dense-mode
 ip multicast helper-map broadcast 239.1.1.100 HELPER ttl 10

ip access-list extended HELPER
 permit udp any any eq 5000
 permit udp any any eq domain

CSR1000v R8:
ip multicast-routing distributed
interface GigabitEthernet1.58
 ip multicast helper-map 239.1.1.100 155.1.108.255 HELPER
!
interface GigabitEthernet1.108
 ip broadcast-address 155.1.108.255
 ip directed-broadcast

 

Thx for any help.

Tabbed Windows Terminal

Hello all,

 

  Does anyone use a windows based tabbed terminal/console solution? I am looking for a good terminal program with tabbed windows.

 

Thanks


DC - Plenty of time left?

Hi guys, I know the DC track has been around a while, what are the chances that it is going to face a complete refresh soon?

Also does anyone know if the waiting times for sitting lab are still very long?

Thanks

multicast/mdt/mVPN - BGP Address Families

I've yet to find a really good write-up of what the various BGP multicast address families are for and to which feature they apply.  Can anyone provide a good reference for that? I know what some of them do but honestly, I don't have a firm grasp on when to use each one.

Router(config-router)#address-family ipv4 ?
  mdt        Address Family modifier
  multicast  Address Family modifier
  mvpn       Address Family modifier
  unicast    Address Family modifier
  vrf        Specify parameters for a VPN Routing/Forwarding instance
  <cr>
Router(config-router)#address-family ipv4
Router(config-router)#address-family vpnv4 ?
  multicast  Address Family modifier
  unicast    Address Family Modifier
  <cr>
Router(config-router)#address-family vpnv4

Specifically, I'd like to know about:
ipv4 multicast
ipv4 mdt
ipv4 mvpn
vpnv4 multicast

What goes on PE and what goes on CE?
Sorry for the wide open question.
Thank you.

Data Center bootcamp teacher?

Does anyone know who teaches DC bootcamp in Huntington Beach, Ca? I'm looking at attending in May or July, but curious about who's teaching it.

 

Thanks,

CCNP v.2 videos

Just curious if / when we can expect video updates for v2 for those who don't have an AAP and downloaded the training bundle?  Thanks.

Building INE's RSv5 topology on CSR1000v

Use this thread for discussion on building INE's CCIE RSv5 topology using the Cloud Services Router 1000v (CSR1000v).

Details of INE's RSv5 topology can be found here.

Details on CSR1000v can be found here.

Check the CSR1000v Data Sheets for specific platform requirements.

This thread is a continuation of the original RSv5 build thread that can be found here.

PLEASE DO NOT POST REQUESTS FOR IOS IMAGES, IT IS ILLEGAL TO PROVIDE YOU WITH THEM UNLESS YOU ALREADY HAVE A VALID CISCO SERVICE CONTRACT.

STP topology change. MAC table aging timer change for how long?

Hi,

Having a look at CCIE spanning-tree training videos....

The MAC aging timer says how long an inactive mac address stays on the MAC address (MA) table.
A topology change reduces this aging timer to the Forwarding Delay timer (assuming it's bigger than the Forwarding Delay).

Question:
For how long does this aging timer reduction last? How long until the aging timer gets back to the previous value? (300s assuming default)

2nd little question:
Does the topology change aging timer show up in the output of "show mac address-table aging-time"? Any command to see if the reducing aging timer is "in effect" at the moment?

---
Mario

ip nat stateful (not working)

Hi,

I am using Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.2(4)S5, RELEASE SOFTWARE (fc1) on GNS3.

ip nat stateful is not working, as you see here:

R1(config)#ip nat ?
  create       Create flow entries
  inside       Inside address translation
  log          NAT Logging
  outside      Outside address translation
  pool         Define pool of addresses
  service      Special translation for application using non-standard port
  translation  NAT translation entry configuration

R1(config)#ip nat

There is no option to configure stateful!??

new SFPs 10G "S class": what's the difference?

Hi, by chance I've discovered a new type of transceiver SFP called "enterprise class".

Here is the data sheet

 http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/transceiver-modules/datasheet-c78-733585.html

 

and in the compatibility matrix I see they can adapt just about everywhere.....

http://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibility/matrix/10GE_Tx_Matrix.html

 

Seemingly the main features, such as distance limitations and temperature range of 10G-SR and 10G-LR, are the same as the ones related to the normal SFP without final "S" in the code

Their price is less than the others, so I wonder what are their limitations and when we cannot utilize them?

Thanks to anyone who will help

Bye

Andrew CCDE#20140048

 

IP Event Dampening

hi all,

 

could someone please explain this command for me !?

R6:
interface Serial 0/0/0
 dampening 30 1000 2000 60 restart 2000

this is from lab WB v4 V1
13.52 IP Event Dampening

4.7 - IGP Redistribution - additional loop

Hi All,

 

There is an additional loop caused by redistribution.

R3 is doing RIP redistribution into OSPF. When all the links are up, all routers see the route toward the R9 loopback as originated by R3. Output below:

R3#sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "rip", distance 120, metric 1
  Redistributing via ospf 1, rip
  Advertised by ospf 1 metric-type 1 subnets
  Last update from 156.1.39.9 on GigabitEthernet1.39, 00:00:07 ago
  Routing Descriptor Blocks:
  * 156.1.39.9, from 156.1.39.9, 00:00:07 ago, via GigabitEthernet1.39
      Route metric is 1, traffic share count is 1
R3#

R5#sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 21, type extern 1
  Last update from 156.1.35.3 on GigabitEthernet1.35, 00:04:00 ago
  Routing Descriptor Blocks:
  * 156.1.35.3, from 3.3.3.3, 00:04:00 ago, via GigabitEthernet1.35
      Route metric is 21, traffic share count is 1
R5#

R6#sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 22, type extern 1
  Redistributing via ospf 2, eigrp 5
  Advertised by ospf 2 subnets
                eigrp 5 metric 100000000 10 255 1 1500
  Last update from 156.1.56.5 on GigabitEthernet1.56, 00:03:55 ago
  Routing Descriptor Blocks:
  * 156.1.56.5, from 3.3.3.3, 00:03:55 ago, via GigabitEthernet1.56
      Route metric is 22, traffic share count is 1
R6#

R4#sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 23, type extern 1
  Redistributing via eigrp 5
  Advertised by eigrp 5 metric 1000000 10 255 1 1500
  Last update from 156.1.46.6 on GigabitEthernet1.46, 00:03:45 ago
  Routing Descriptor Blocks:
  * 156.1.46.6, from 3.3.3.3, 00:03:45 ago, via GigabitEthernet1.46
      Route metric is 23, traffic share count is 1
R4#

R10#sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
  Last update from 156.1.103.3 on GigabitEthernet1.103, 00:15:49 ago
  Routing Descriptor Blocks:
  * 156.1.103.3, from 3.3.3.3, 00:15:49 ago, via GigabitEthernet1.103
      Route metric is 21, traffic share count is 1
R10#

 

 

When we shut down the link between R3 and R9 then R3 will start learning that route via OSPF and see R4 as originator.

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int g 1.39
R3(config-subif)#sh
R3(config-subif)#
R3(config-subif)#
R3(config-subif)#do sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 1, type extern 2, forward metric 3
  Redistributing via rip
  Advertised by rip metric 1 match internal external 1 & 2
  Last update from 156.1.35.5 on GigabitEthernet1.35, 00:00:14 ago
  Routing Descriptor Blocks:
  * 156.1.35.5, from 4.4.4.4, 00:00:14 ago, via GigabitEthernet1.35
      Route metric is 1, traffic share count is 1
R3(config-subif)#

R4#sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "eigrp 5", distance 170, metric 61440, type external
  Redistributing via ospf 1, eigrp 5
  Advertised by ospf 1 metric 1 subnets
  Last update from 156.1.146.6 on GigabitEthernet1.146, 00:01:27 ago
  Routing Descriptor Blocks:
  * 156.1.146.6, from 156.1.146.6, 00:01:27 ago, via GigabitEthernet1.146
      Route metric is 61440, traffic share count is 1
      Total delay is 110 microseconds, minimum bandwidth is 1000000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
R4#

R6#sh ip ro 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "ospf 1", distance 110, metric 1, type extern 2, forward metric 1
  Redistributing via ospf 2, eigrp 5
  Advertised by ospf 2 subnets
                eigrp 5 metric 100000000 10 255 1 1500
  Last update from 156.1.46.4 on GigabitEthernet1.46, 00:01:35 ago
  Routing Descriptor Blocks:
  * 156.1.46.4, from 4.4.4.4, 00:01:35 ago, via GigabitEthernet1.46
      Route metric is 1, traffic share count is 1
R6#

 

That loop will exist even if we enable the link between R3 and R9 as R3 will prefer OSPF route over RIP route.

 

Setup VSAN load-balancing for FCOE trunk link

Hi, 

   If I am trying to configure VSAN load-balancing for an FCOE trunk. Besides, configuring the load-balance method under the VSAN database do I need to also configure the load-balance method globally on the switch for the port-channel load-balancing? 

Thank you 

Routing Bit Set doesn't show on my CSR.

Hi All, 

I don't know if is experiencing what I am experiencing. Basically on my CSR whenever I configure OSPF and try looking up my LSA 2 to see routers attached to my DR, I don't see the "Routing Bit Set on this LSA in topology Base with MTID 0" on my CSR 1000v, but funny enough it shows on my GNS3. I really can't say if it's a bug with the version of IOS I am using, that is IOS 15.4(2).

see the screen shots attached.

 

 

I do appreciate anybody's input on this. 

HSRP-VRRP-GLBP

I am trying to learn and implement these protocols using GNS3. Every time I run into issues where things partially work with all configs looking as they should. Is there something with GNS3 where you would more likely run into these issues?

I am using routers as PCs and switches by disabling routing. I have a setup below. I can ping all IP addresses in subnet 134 from anywhere but PC2. I cannot ping anything in subnet 22 other than the sub-interfaces from respective routers and ping PC2 from PC2.

SW1 and SW2 are connected via a trunk port. On SW1, ports to PCs are access ports. On SW2 ports to R1 & R2 are trunk ports. On R1 and R2 I configured sub-interfaces.

I ran Wireshark on the link between SW1 & SW2 while running traces/pings from the routers attempting to ping PC2. I can see the broadcast ARPing for PC2. When I run a capture on the link to PC2 while still running pings/traces I don't see the broadcast ARP, neither do I see it on the link to PC1. I was thinking SW2 is discarding the broadcasts but when I check all interfaces on SW2 I don't see any discards or drops. R1 and R2 are configured exactly the same except that the IPs on the sub-interfaces are unique.

What could be causing my issue - suspecting GNS3 that it doesn't always work - Sad  Please Help!!

Ignore the virtual IP addresses noted - I could not get as far as configuring them because I am stuck and it is hard for me to move forward

R1

interface FastEthernet0/0.22
 encapsulation dot1Q 22
 ip address 22.22.22.1 255.255.255.0
!
interface FastEthernet0/0.134
 encapsulation dot1Q 134
 ip address 134.134.134.3 255.255.255.0
!

R2

interface FastEthernet0/0.22
 encapsulation dot1Q 22
 ip address 22.22.22.3 255.255.255.0
!
interface FastEthernet0/0.134
 encapsulation dot1Q 134
 ip address 134.134.134.4 255.255.255.0

PC1

interface FastEthernet1/0
 no switchport
 ip address 134.134.134.1 255.255.255.0
!
ip default-gateway 134.134.134.5
ip forward-protocol nd
!

PC2

interface FastEthernet1/0
 no switchport
 ip address 22.22.22.2 255.255.255.0
!
ip default-gateway 22.22.22.4
ip forward-protocol nd

All ports on switches are configured as trunks except for ports to PCs

Thank you in advance.

 

 

 

IKEV2 Between ASA and IOS PSK

Hi,


Could you tell me what is wrong with my configuration as I can't get the tunnel up.

 

R1:


!        
crypto ikev2 proposal TEST_PRO
 encryption aes-cbc-128
 integrity sha256
 group 2 
!        
crypto ikev2 policy TEST
 proposal TEST_PRO
!        
crypto ikev2 keyring KEY
 peer ASA1
  address 10.10.10.10
  pre-shared-key local cisco
  pre-shared-key remote cisco
 !       
!        
!        
crypto ikev2 profile TEST_PROFILE
 match identity remote address 10.10.10.10 255.255.255.255
 identity local address 10.10.10.1
 authentication remote pre-share
 authentication local pre-share
 keyring local KEY
!        
!        
!        
!        
!        
!        
crypto ipsec transform-set TEST_TRANS esp-aes esp-sha-hmac
 mode tunnel
!        
!        
!        
!        
crypto map TEST_MAP 10 ipsec-isakmp
 set peer 10.10.10.10
 set transform-set TEST_TRANS
 set ikev2-profile TEST_PROFILE
 match address TEST_TRAFFIC
!        
!        
!        
!        
!        
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!        
!        
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
 crypto map TEST_MAP
!        
!        
ip route 3.3.3.0 255.255.255.0 GigabitEthernet0/1
!        
ip access-list extended TEST_TRAFFIC
 permit ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255
!        
!        

------------

 

ASA:

interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 10.10.10.10 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 123.123.123.10 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 shutdown    
 no nameif   
 no security-level
 no ip address
!            
interface Management0/0
 shutdown    
 no nameif   
 no security-level
 no ip address

!  
access-list TRAFFIC extended permit ip 3.3.3.0 255.255.255.0 1.1.1.0 255.255.255.0

 crypto ipsec ikev2 ipsec-proposal TRANS
 protocol esp encryption aes
 protocol esp integrity sha-1
crypto map MAP 10 match address TRAFFIC
crypto map MAP 10 set peer 10.10.10.1
crypto map MAP interface outside
crypto map MAO 10 set ikev2 ipsec-proposal TRANS
crypto isakmp identity address
crypto ikev2 policy 10
 encryption aes
 integrity sha256
 group 2     
 prf sha256  
 lifetime seconds 86400
crypto ikev2 enable outside
tunnel-group 10.10.10.1 type ipsec-l2l
tunnel-group 10.10.10.1 ipsec-attributes
 ikev2 remote-authentication pre-shared-key cisco
 ikev2 local-authentication pre-shared-key cisco

 

ASA debug:

ASA(config)# debug crypto ikev2 protocol 100
ASA(config)# %ASA-5-111008: User 'enable_15' executed the 'debug crypto ikev2 protocol 100' command.
%ASA-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'debug crypto ikev2 protocol 100'

ASA(config)#
ASA(config)#
ASA(config)#
ASA(config)#
ASA(config)#
ASA(config)# %ASA-5-750002: Local:10.10.10.10:500 Remote:10.10.10.1:500 Username:Unknown Received a IKE_INIT_SA request
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 336

 SA  Next payload: KE, reserved: 0x0, length: 48
IKEv2-PROTO-4:   last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2

 KE  Next payload: N, reserved: 0x0, length: 136
    DH group: 2, Reserved: 0x0

 N  Next payload: VID, reserved: 0x0, length: 24

     86 62 4c 38 68 44 8a cc 2e 7b 73 97 82 e4 9a 76
     59 f0 b5 ef
IKEv2-PROTO-5: Parse Vendor Specific Payload: CISCO-DELETE-REASON VID  Next payload: VID, reserved: 0x0, length: 23

     43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
     53 4f 4e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID  Next payload: NOTIFY, reserved: 0x0, length: 21

     46 4c 45 58 56 50 4e 2d 53 55 50 50 4f 52 54 45
     44
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP

     1e 8b ce a6 60 68 89 c9 95 56 50 20 96 92 cd 15
     02 3b 74 73
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: NONE, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

     f6 5c b2 2e 5a aa 31 23 38 31 9e 8f f0 1d fe 46
     95 05 24 6f

Decrypted packet:Data: 336 bytes
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-3: (9): Verify SA init message
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-3: (9): Insert SA
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-3: (9): Getting configured policies
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (9): Processing initial message
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-3: (9): Process NAT discovery notify
IKEv2-PROTO-5: (9): Processing nat detect src notify
IKEv2-PROTO-5: (9): Remote address matched
IKEv2-PROTO-5: (9): Processing nat detect dst notify
IKEv2-PROTO-5: (9): Local address matched
IKEv2-PROTO-5: (9): No NAT found
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
%ASA-5-750006: Local:10.10.10.10:500 Remote:10.10.10.1:500 Username:10.10.10.1 SA UP. Reason: New Connection Established
%ASA-6-113009: AAA retrieved default group policy (DfltGrpPolicy) for user = 10.10.10.1
%ASA-5-750007: Local:10.10.10.10:500 Remote:10.10.10.1:500 Username:10.10.10.1 SA DOWN. Reason: peer request
%ASA-4-113019: Group = 10.10.10.1, Username = 10.10.10.1, IP = 10.10.10.1, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-3: (9): Setting configured policies
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-3: (9): Opening a PKI session
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-3: (9): Computing DH public key
IKEv2-PROTO-3: (9):
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
IKEv2-PROTO-3: (9): Computing DH secret key
IKEv2-PROTO-3: (9):
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
IKEv2-PROTO-3: (9): Generate skeyid
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (9): Sending initial message
IKEv2-PROTO-3:   IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
   AES-CBC   SHA256   SHA256   DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASON
IKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)
IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IP
IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IP
IKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATION
IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 1412898590F6BFA7]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 1412898590F6BFA7
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x0, length: 394
 SA  Next payload: KE, reserved: 0x0, length: 48
IKEv2-PROTO-4:   last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2

 KE  Next payload: N, reserved: 0x0, length: 136
    DH group: 2, Reserved: 0x0

 N  Next payload: VID, reserved: 0x0, length: 24

     9e 31 59 1e 3e 09 6b a0 16 ad ac 83 b0 d9 02 55
     8d cf 7d 91
 VID  Next payload: VID, reserved: 0x0, length: 23

     43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
     53 4f 4e
 VID  Next payload: NOTIFY, reserved: 0x0, length: 59

     43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
     26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
     30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
     73 2c 20 49 6e 63 2e
 NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP

     47 3c 47 58 bd 9a ec 0b 8d a2 c3 bc b5 f8 fe f0
     d6 74 49 6d
 NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: VID, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

     a3 f8 85 c0 a1 ab 61 6a 0d 46 1f 29 e7 be c7 fa
     ff e0 42 44
 VID  Next payload: NONE, reserved: 0x0, length: 20

     40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3

IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-3: (9): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-3: (9): Complete SA init exchange
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
IKEv2-PROTO-3: (9): Starting timer to wait for auth message (30 sec)
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 1412898590F6BFA7]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 1412898590F6BFA7
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x1, length: 304
IKEv2-PROTO-5: (9): Request has mess_id 1; expected 1 through 1


REAL Decrypted packet:Data: 232 bytes
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID  Next payload: IDi, reserved: 0x0, length: 20

     ef 42 d3 8d fc 37 3c 87 57 39 80 0d f0 3d 05 ba
 IDi  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0

     0a 0a 0a 01
 AUTH  Next payload: SA, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
Auth data: 32 bytes
 SA  Next payload: TSi, reserved: 0x0, length: 44
IKEv2-PROTO-4:   last proposal: 0x0, reserved: 0x0, length: 40
  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA96
IKEv2-PROTO-4:     last transform: 0x0, reserved: 0x0: length: 8
    type: 5, reserved: 0x0, id:

 TSi  Next payload: TSr, reserved: 0x0, length: 40
    Num of TSs: 2, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
    start port: 0, end port: 65535
    start addr: 1.1.1.1, end addr: 1.1.1.1
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 1.1.1.0, end addr: 1.1.1.255
 TSr  Next payload: NOTIFY, reserved: 0x0, length: 40
    Num of TSs: 2, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
    start port: 0, end port: 65535
    start addr: 3.3.3.3, end addr: 3.3.3.3
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 3.3.3.0, end addr: 3.3.3.255
IKEv2-PROTO-5: Parse Notify Payload: INITIAL_CONTACT NOTIFY(INITIAL_CONTACT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
IKEv2-PROTO-5: Parse Notify Payload: SET_WINDOW_SIZE NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12
    Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE

     00 00 00 05
IKEv2-PROTO-5: Parse Notify Payload: ESP_TFC_NO_SUPPORT NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
IKEv2-PROTO-5: Parse Notify Payload: NON_FIRST_FRAGS NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS

Decrypted packet:Data: 304 bytes
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-3: (9): Stopping timer to wait for auth message
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T
IKEv2-PROTO-3: (9): Check NAT discovery
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID
IKEv2-PROTO-2: (9): Recieved valid parameteres in process id
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID
IKEv2-PROTO-3: (9): Getting configured policies
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_SET_POLICY
IKEv2-PROTO-3: (9): Setting configured policies
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
IKEv2-PROTO-3: (9): Verify peer's policy
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_AUTH4EAP
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_POLREQEAP
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-3: (9): Get peer authentication method
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_PRESHR_KEY
IKEv2-PROTO-3: (9): Get peer's preshared key for 10.10.10.1
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_VERIFY_AUTH
IKEv2-PROTO-3: (9): Verify authentication data
IKEv2-PROTO-3: (9): Use preshared key for id 10.10.10.1, key len 5
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK4_IC
IKEv2-PROTO-3: (9): Processing initial contact
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_REDIRECT
IKEv2-PROTO-5: (9): Redirect check is not needed, skipping it
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_PROC_SA_TS
IKEv2-PROTO-2: (9): Processing auth message
IKEv2-PROTO-1: (9): Failed to find a matching policy
IKEv2-PROTO-1: (9): Received Policies:
ESP: Proposal 1:  AES-CBC-128 SHA96

IKEv2-PROTO-1: (9): Failed to find a matching policy
IKEv2-PROTO-1: (9): Expected Policies:
IKEv2-PROTO-5: (9): Failed to verify the proposed policies
IKEv2-PROTO-1: (9): Failed to find a matching policy
IKEv2-PROTO-1: (9):
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-2: (9): Sending no proposal chosen notify
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_MY_AUTH_METHOD
IKEv2-PROTO-3: (9): Get my authentication method
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GET_PRESHR_KEY
IKEv2-PROTO-3: (9): Get peer's preshared key for 10.10.10.1
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-3: (9): Generate my authentication data
IKEv2-PROTO-3: (9): Use preshared key for id 10.10.10.10, key len 5
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_CHK4_SIGN
IKEv2-PROTO-3: (9): Get my authentication method
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (9): Sending auth message
IKEv2-PROTO-5: Construct Vendor Specific Payload: CISCO-GRANITE
IKEv2-PROTO-5: Construct Notify Payload: NO_PROPOSAL_CHOSEN
IKEv2-PROTO-3: (9): Building packet for encryption; contents are:
 VID  Next payload: IDr, reserved: 0x0, length: 20

     16 12 88 85 83 c1 4c e0 57 39 80 0d f0 3d 05 ba
 IDr  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0

     0a 0a 0a 0a
 AUTH  Next payload: NOTIFY, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
Auth data: 32 bytes
 NOTIFY(NO_PROPOSAL_CHOSEN)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN

IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 1412898590F6BFA7]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 1412898590F6BFA7
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x1, length: 160
 ENCR  Next payload: VID, reserved: 0x0, length: 132
Encrypted data: 128 bytes

IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_OK
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_PKI_SESH_CLOSE
IKEv2-PROTO-3: (9): Closing the PKI session
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_INSERT_IKE
IKEv2-PROTO-2: (9): SA created; inserting SA into database
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_REGISTER_SESSION
IKEv2-PROTO-3: (9):
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_NO_EVENT
IKEv2-PROTO-3: (9): Initializing DPD, configured for 10 seconds
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_RECD_REGISTER_SESSION_RESP
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHECK_DUPE
IKEv2-PROTO-3: (9): Checking for duplicate SA
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: READY Event: EV_R_UPDATE_CAC_STATS
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: READY Event: EV_R_OK
IKEv2-PROTO-3: (9): Starting timer to delete negotiation context
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000001 CurState: READY Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x2
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 1412898590F6BFA7]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 1412898590F6BFA7
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x2, length: 80
IKEv2-PROTO-5: (9): Request has mess_id 2; expected 2 through 2


REAL Decrypted packet:Data: 12 bytes
 DELETE  Next payload: NONE, reserved: 0x0, length: 12
    Security protocol id: ESP, spi size: 4, num of spi: 1

     c1 23 f5 28

Decrypted packet:Data: 80 bytes
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: READY Event: EV_RECV_INFO_REQ
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_INFO_REQ
IKEv2-PROTO-3: (9): Building packet for encryption; contents are:
IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x2
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 1412898590F6BFA7]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 1412898590F6BFA7
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x2, length: 80
 ENCR  Next payload: NONE, reserved: 0x0, length: 52
Encrypted data: 48 bytes

IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_DEL
IKEv2-PROTO-2: (9): Process delete request from peer
IKEv2-PROTO-5: Trying to remove child SA with spi 28F523C1
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK4_ACTIVE_SA
IKEv2-PROTO-3: (9): Check for existing active SA
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: INFO_R Event: EV_START_DEL_NEG_TMR
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: EXIT Event: EV_CHK_PENDING
IKEv2-PROTO-5: (9): Sent response with message id 2, Requests can be accepted from range 3 to 3
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: EXIT Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x3
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 1412898590F6BFA7]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 1412898590F6BFA7
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x3, length: 80
IKEv2-PROTO-5: (9): Request has mess_id 3; expected 3 through 3


REAL Decrypted packet:Data: 8 bytes
 DELETE  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, num of spi: 0

Decrypted packet:Data: 80 bytes
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: READY Event: EV_RECV_INFO_REQ
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: INFO_R Event: EV_RECV_INFO_REQ
IKEv2-PROTO-3: (9): Building packet for encryption; contents are:
 DELETE  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, num of spi: 0

IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x3
IKEv2-PROTO-3: HDR[i:EE42D28DEF00CFC0 - r: 1412898590F6BFA7]
IKEv2-PROTO-4: IKEV2 HDR ispi: EE42D28DEF00CFC0 - rspi: 1412898590F6BFA7
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x3, length: 80
 ENCR  Next payload: DELETE, reserved: 0x0, length: 52
Encrypted data: 48 bytes

IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: INFO_R Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: INFO_R Event: EV_RECV_DEL
IKEv2-PROTO-2: (9): Process delete request from peer
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: INFO_R Event: EV_CHK4_ACTIVE_SA
IKEv2-PROTO-3: (9): Check for existing active SA
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: INFO_R Event: EV_STOP_ACCT
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: INFO_R Event: EV_TERM_CONN
IKEv2-PROTO-3: (9): Delete all IKE SAs
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: INFO_R Event: EV_START_DEL_NEG_TMR
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: EXIT Event: EV_CHK_PENDING
IKEv2-PROTO-5: (9): Sent response with message id 3, Requests can be accepted from range 4 to 4
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000003 CurState: EXIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (R) MsgID = 00000002 CurState: EXIT Event: EV_FREE_NEG
IKEv2-PROTO-5: (9): Deleting negotiation context for peer message ID: 0x2
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (I) MsgID = 00000001 CurState: READY Event: EV_RECV_DEL
IKEv2-PROTO-5: (9): Action: Action_Null
IKEv2-PROTO-5: (9): SM Trace-> SA: I_SPI=EE42D28DEF00CFC0 R_SPI=1412898590F6BFA7 (I) MsgID = 00000001 CurState: DELETE Event: EV_FREE_SA
IKEv2-PROTO-3: (9): Deleting SA
%ASA-5-750002: Local:10.10.10.10:500 Remote:10.10.10.1:500 Username:Unknown Received a IKE_INIT_SA request
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 0000000000000000]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 0000000000000000
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x0, length: 336

 SA  Next payload: KE, reserved: 0x0, length: 48
IKEv2-PROTO-4:   last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2

 KE  Next payload: N, reserved: 0x0, length: 136
    DH group: 2, Reserved: 0x0

 N  Next payload: VID, reserved: 0x0, length: 24

     60 70 b2 13 c1 16 7f 27 fa 35 eb 74 13 3b 72 16
     15 02 c5 49
IKEv2-PROTO-5: Parse Vendor Specific Payload: CISCO-DELETE-REASON VID  Next payload: VID, reserved: 0x0, length: 23

     43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
     53 4f 4e
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID  Next payload: NOTIFY, reserved: 0x0, length: 21

     46 4c 45 58 56 50 4e 2d 53 55 50 50 4f 52 54 45
     44
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_SOURCE_IP NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP

     e0 e8 8b ad e2 e1 71 8c e9 ea e7 92 47 31 ab be
     92 bf d6 42
IKEv2-PROTO-5: Parse Notify Payload: NAT_DETECTION_DESTINATION_IP NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: NONE, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

     79 e6 74 1b c6 e5 1d 2c e0 dc e8 59 b1 c1 7e 11
     eb 1d 40 64

Decrypted packet:Data: 336 bytes
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
IKEv2-PROTO-3: (10): Verify SA init message
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
IKEv2-PROTO-3: (10): Insert SA
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
IKEv2-PROTO-3: (10): Getting configured policies
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
IKEv2-PROTO-2: (10): Processing initial message
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
IKEv2-PROTO-3: (10): Process NAT discovery notify
IKEv2-PROTO-5: (10): Processing nat detect src notify
IKEv2-PROTO-5: (10): Remote address matched
IKEv2-PROTO-5: (10): Processing nat detect dst notify
IKEv2-PROTO-5: (10): Local address matched
IKEv2-PROTO-5: (10): No NAT found
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
%ASA-5-750006: Local:10.10.10.10:500 Remote:10.10.10.1:500 Username:10.10.10.1 SA UP. Reason: New Connection Established
%ASA-6-113009: AAA retrieved default group policy (DfltGrpPolicy) for user = 10.10.10.1
%ASA-5-750007: Local:10.10.10.10:500 Remote:10.10.10.1:500 Username:10.10.10.1 SA DOWN. Reason: peer request
%ASA-4-113019: Group = 10.10.10.1, Username = 10.10.10.1, IP = 10.10.10.1, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:00m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: User Requested
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
IKEv2-PROTO-3: (10): Setting configured policies
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
IKEv2-PROTO-3: (10): Opening a PKI session
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
IKEv2-PROTO-3: (10): Computing DH public key
IKEv2-PROTO-3: (10):
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
IKEv2-PROTO-3: (10): Computing DH secret key
IKEv2-PROTO-3: (10):
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
IKEv2-PROTO-3: (10): Generate skeyid
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
IKEv2-PROTO-2: (10): Sending initial message
IKEv2-PROTO-3:   IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
   AES-CBC   SHA256   SHA256   DH_GROUP_1024_MODP/Group 2
IKEv2-PROTO-5: Construct Vendor Specific Payload: DELETE-REASON
IKEv2-PROTO-5: Construct Vendor Specific Payload: (CUSTOM)
IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_SOURCE_IP
IKEv2-PROTO-5: Construct Notify Payload: NAT_DETECTION_DESTINATION_IP
IKEv2-PROTO-5: Construct Vendor Specific Payload: FRAGMENTATION
IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x0
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 781732A709335C26]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 781732A709335C26
IKEv2-PROTO-4: Next payload: SA, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x0, length: 394
 SA  Next payload: KE, reserved: 0x0, length: 48
IKEv2-PROTO-4:   last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
IKEv2-PROTO-4:     last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_1024_MODP/Group 2

 KE  Next payload: N, reserved: 0x0, length: 136
    DH group: 2, Reserved: 0x0

 N  Next payload: VID, reserved: 0x0, length: 24

     5e 34 eb f3 b6 7b b5 43 d2 d3 46 fa 3c 02 b4 02
     98 03 24 e5
 VID  Next payload: VID, reserved: 0x0, length: 23

     43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
     53 4f 4e
 VID  Next payload: NOTIFY, reserved: 0x0, length: 59

     43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
     26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
     30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
     73 2c 20 49 6e 63 2e
 NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP

     a5 dc a2 2f 94 5a ef eb fe 63 ad 0e 1c ea 54 2d
     36 da 1f 31
 NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: VID, reserved: 0x0, length: 28
    Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

     47 74 ce 05 74 24 a0 4e 86 3b 2c d7 26 fb 80 5a
     fb f5 c0 13
 VID  Next payload: NONE, reserved: 0x0, length: 20

     40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3

IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
IKEv2-PROTO-3: (10): Cisco DeleteReason Notify is enabled
IKEv2-PROTO-3: (10): Complete SA init exchange
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
IKEv2-PROTO-3: (10): Starting timer to wait for auth message (30 sec)
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 781732A709335C26]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 781732A709335C26
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x1, length: 272
IKEv2-PROTO-5: (10): Request has mess_id 1; expected 1 through 1


REAL Decrypted packet:Data: 200 bytes
IKEv2-PROTO-5: Parse Vendor Specific Payload: (CUSTOM) VID  Next payload: IDi, reserved: 0x0, length: 20

     94 11 0b eb 3e 82 a8 59 15 7e 16 91 23 e2 6e 8d
 IDi  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0

     0a 0a 0a 01
 AUTH  Next payload: SA, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
Auth data: 32 bytes
 SA  Next payload: TSi, reserved: 0x0, length: 44
IKEv2-PROTO-4:   last proposal: 0x0, reserved: 0x0, length: 40
  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
IKEv2-PROTO-4:     last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA96
IKEv2-PROTO-4:     last transform: 0x0, reserved: 0x0: length: 8
    type: 5, reserved: 0x0, id:

 TSi  Next payload: TSr, reserved: 0x0, length: 24
    Num of TSs: 1, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 1.1.1.0, end addr: 1.1.1.255
 TSr  Next payload: NOTIFY, reserved: 0x0, length: 24
    Num of TSs: 1, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 3.3.3.0, end addr: 3.3.3.255
IKEv2-PROTO-5: Parse Notify Payload: INITIAL_CONTACT NOTIFY(INITIAL_CONTACT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: INITIAL_CONTACT
IKEv2-PROTO-5: Parse Notify Payload: SET_WINDOW_SIZE NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12
    Security protocol id: IKE, spi size: 0, type: SET_WINDOW_SIZE

     00 00 00 05
IKEv2-PROTO-5: Parse Notify Payload: ESP_TFC_NO_SUPPORT NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: ESP_TFC_NO_SUPPORT
IKEv2-PROTO-5: Parse Notify Payload: NON_FIRST_FRAGS NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: NON_FIRST_FRAGS

Decrypted packet:Data: 272 bytes
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH
IKEv2-PROTO-3: (10): Stopping timer to wait for auth message
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T
IKEv2-PROTO-3: (10): Check NAT discovery
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID
IKEv2-PROTO-2: (10): Recieved valid parameteres in process id
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID
IKEv2-PROTO-3: (10): Getting configured policies
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_SET_POLICY
IKEv2-PROTO-3: (10): Setting configured policies
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
IKEv2-PROTO-3: (10): Verify peer's policy
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_CONFIG_MODE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_AUTH4EAP
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_POLREQEAP
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_AUTH_TYPE
IKEv2-PROTO-3: (10): Get peer authentication method
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_PRESHR_KEY
IKEv2-PROTO-3: (10): Get peer's preshared key for 10.10.10.1
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_VERIFY_AUTH
IKEv2-PROTO-3: (10): Verify authentication data
IKEv2-PROTO-3: (10): Use preshared key for id 10.10.10.1, key len 5
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_CONFIG_MODE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK4_IC
IKEv2-PROTO-3: (10): Processing initial contact
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_REDIRECT
IKEv2-PROTO-5: (10): Redirect check is not needed, skipping it
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_PROC_SA_TS
IKEv2-PROTO-2: (10): Processing auth message
IKEv2-PROTO-1: (10): Failed to find a matching policy
IKEv2-PROTO-1: (10): Received Policies:
ESP: Proposal 1:  AES-CBC-128 SHA96

IKEv2-PROTO-1: (10): Failed to find a matching policy
IKEv2-PROTO-1: (10): Expected Policies:
IKEv2-PROTO-5: (10): Failed to verify the proposed policies
IKEv2-PROTO-1: (10): Failed to find a matching policy
IKEv2-PROTO-1: (10):
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-2: (10): Sending no proposal chosen notify
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_MY_AUTH_METHOD
IKEv2-PROTO-3: (10): Get my authentication method
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GET_PRESHR_KEY
IKEv2-PROTO-3: (10): Get peer's preshared key for 10.10.10.1
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GEN_AUTH
IKEv2-PROTO-3: (10): Generate my authentication data
IKEv2-PROTO-3: (10): Use preshared key for id 10.10.10.10, key len 5
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_CHK4_SIGN
IKEv2-PROTO-3: (10): Get my authentication method
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_OK_AUTH_GEN
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_SEND_AUTH
IKEv2-PROTO-2: (10): Sending auth message
IKEv2-PROTO-5: Construct Vendor Specific Payload: CISCO-GRANITEIKEv2-PROTO-5: Construct Notify Payload: NO_PROPOSAL_CHOSENIKEv2-PROTO-3: (10): Building packet for encryption; contents are:
 VID  Next payload: IDr, reserved: 0x0, length: 20

     7a 17 33 a7 1a 04 af 61 15 7e 16 91 23 e2 6e 8d
 IDr  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0

     0a 0a 0a 0a
 AUTH  Next payload: NOTIFY, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
Auth data: 32 bytes
 NOTIFY(NO_PROPOSAL_CHOSEN)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN

IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x1
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 781732A709335C26]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 781732A709335C26
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x1, length: 160
 ENCR  Next payload: VID, reserved: 0x0, length: 132
Encrypted data: 128 bytes

IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_OK
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_PKI_SESH_CLOSE
IKEv2-PROTO-3: (10): Closing the PKI session
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_INSERT_IKE
IKEv2-PROTO-2: (10): SA created; inserting SA into database
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_REGISTER_SESSION
IKEv2-PROTO-3: (10):
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_NO_EVENT
IKEv2-PROTO-3: (10): Initializing DPD, configured for 10 seconds
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_RECD_REGISTER_SESSION_RESP
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHECK_DUPE
IKEv2-PROTO-3: (10): Checking for duplicate SA
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHK4_ROLE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: READY Event: EV_R_UPDATE_CAC_STATS
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: READY Event: EV_R_OK
IKEv2-PROTO-3: (10): Starting timer to delete negotiation context
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: READY Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x2
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 781732A709335C26]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 781732A709335C26
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x2, length: 80
IKEv2-PROTO-5: (10): Request has mess_id 2; expected 2 through 2


REAL Decrypted packet:Data: 12 bytes
 DELETE  Next payload: NONE, reserved: 0x0, length: 12
    Security protocol id: ESP, spi size: 4, num of spi: 1

     0a a3 b4 ec

Decrypted packet:Data: 80 bytes
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: READY Event: EV_RECV_INFO_REQ
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_INFO_REQ
IKEv2-PROTO-3: (10): Building packet for encryption; contents are:
IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x2
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 781732A709335C26]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 781732A709335C26
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x2, length: 80
 ENCR  Next payload: NONE, reserved: 0x0, length: 52
Encrypted data: 48 bytes

IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_DEL
IKEv2-PROTO-2: (10): Process delete request from peer
IKEv2-PROTO-5: Trying to remove child SA with spi ECB4A30A
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK4_ACTIVE_SA
IKEv2-PROTO-3: (10): Check for existing active SA
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: INFO_R Event: EV_START_DEL_NEG_TMR
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: EXIT Event: EV_CHK_PENDING
IKEv2-PROTO-5: (10): Sent response with message id 2, Requests can be accepted from range 3 to 3
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: EXIT Event: EV_NO_EVENT
IKEv2-PROTO-3: Rx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x3
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 781732A709335C26]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 781732A709335C26
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x3, length: 80
IKEv2-PROTO-5: (10): Request has mess_id 3; expected 3 through 3


REAL Decrypted packet:Data: 8 bytes
 DELETE  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, num of spi: 0

Decrypted packet:Data: 80 bytes
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: READY Event: EV_RECV_INFO_REQ
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: INFO_R Event: EV_RECV_INFO_REQ
IKEv2-PROTO-3: (10): Building packet for encryption; contents are:
 DELETE  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, num of spi: 0

IKEv2-PROTO-3: Tx [L 10.10.10.10:500/R 10.10.10.1:500/VRF i0:f0] m_id: 0x3
IKEv2-PROTO-3: HDR[i:95110AEB2DB55B1E - r: 781732A709335C26]
IKEv2-PROTO-4: IKEV2 HDR ispi: 95110AEB2DB55B1E - rspi: 781732A709335C26
IKEv2-PROTO-4: Next payload: ENCR, version: 2.0
IKEv2-PROTO-4: Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE
IKEv2-PROTO-4: Message id: 0x3, length: 80
 ENCR  Next payload: DELETE, reserved: 0x0, length: 52
Encrypted data: 48 bytes

IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: INFO_R Event: EV_CHK_INFO_TYPE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: INFO_R Event: EV_RECV_DEL
IKEv2-PROTO-2: (10): Process delete request from peer
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: INFO_R Event: EV_CHK4_ACTIVE_SA
IKEv2-PROTO-3: (10): Check for existing active SA
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: INFO_R Event: EV_STOP_ACCT
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: INFO_R Event: EV_TERM_CONN
IKEv2-PROTO-3: (10): Delete all IKE SAs
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: INFO_R Event: EV_START_DEL_NEG_TMR
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: EXIT Event: EV_CHK_PENDING
IKEv2-PROTO-5: (10): Sent response with message id 3, Requests can be accepted from range 4 to 4
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000003 CurState: EXIT Event: EV_NO_EVENT
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000002 CurState: EXIT Event: EV_FREE_NEG
IKEv2-PROTO-5: (10): Deleting negotiation context for peer message ID: 0x2
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (I) MsgID = 00000001 CurState: READY Event: EV_RECV_DEL
IKEv2-PROTO-5: (10): Action: Action_Null
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (I) MsgID = 00000001 CurState: DELETE Event: EV_FREE_SA
IKEv2-PROTO-3: (10): Deleting SA

 

R1 Debug:

R1#debug crypto ikev2
*Feb 25 23:01:45.251: %SYS-5-CONFIG_I: Configured from console by console
R1#ping 3.3.3.3 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
R1#
*Feb 25 23:01:49.227: IKEv2:% Getting preshared key from profile keyring KEY
*Feb 25 23:01:49.227: IKEv2:% Matched peer block 'ASA1'
*Feb 25 23:01:49.227: IKEv2:Searching Policy with fvrf 0, local address 10.10.10.1
*Feb 25 23:01:49.227: IKEv2:Found Policy 'TEST'
*Feb 25 23:01:49.227: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 2
*Feb 25 23:01:49.227: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Feb 25 23:01:49.227: IKEv2:(SA ID = 1):Request queued for computation of DH key
*Feb 25 23:01:49.227: IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch
*Feb 25 23:01:49.227: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message
*Feb 25 23:01:49.227: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
   AES-CBC   SHA256   SHA256   DH_GROUP_1024_MODP/Group 2

*Feb 25 23:01:49.227: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)

*Feb 25 23:01:49.227: IKEv2:(SA ID = 1):Insert SA

*Feb 25 23:01:49.231: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 9F8132B6DDF29858 Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
Payload contents:
 SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) VID

*Feb 25 23:01:49.231: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message
*Feb 25 23:01:49.231: IKEv2:(SA ID = 1):Verify SA init message
*Feb 25 23:01:49.231: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message
*Feb 25 23:01:49.231: IKEv2:(SA ID = 1):Checking NAT discovery
*Feb 25 23:01:49.231: IKEv2:(SA ID = 1):NAT not found
*Feb 25 23:01:49.231: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 2
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Request queued for computation of DH secret
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Completed SA init exchange
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Check for EAP exchange
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Generate my authentication data
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Use preshared key for id 10.10.10.3, key len 5
*Feb 25 23:01:49.255: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
*Feb 25 23:01:49.255: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Get my authentication method
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):My authentication method is 'PSK'
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Check for EAP exchange
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Generating IKE_AUTH message
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Constructing IDi payload: '10.10.10.3' of type 'IPv4 address'
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
   AES-CBC   SHA96   Don't use ESN
*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Building packet for encryption. 
Payload contents:
 VID IDi AUTH SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS)

*Feb 25 23:01:49.255: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 9F8132B6DDF29858 Message id: 1
IKEv2 IKE_AUTH Exchange REQUEST
Payload contents:
 ENCR
 

*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 9F8132B6DDF29858 Message id: 1
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:
 VID IDr AUTH NOTIFY(NO_PROPOSAL_CHOSEN)

*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Process auth response notify
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Searching policy based on peer's identity '10.10.10.10' of type 'IPv4 address'
*Feb 25 23:01:49.259: IKEv2:Searching Policy with fvrf 0, local address 10.10.10.1
*Feb 25 23:01:49.259: IKEv2:Found Policy 'TEST'
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Verify peer's policy
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Peer's policy verified
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Get peer's authentication method
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Peer's authentication method is 'PSK'
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Get peer's preshared key for 10.10.10.10
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Verify peer's authentication data
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Use preshared key for id 10.10.10.10, key len 5
*Feb 25 23:01:49.259: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
*Feb 25 23:01:49.259: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Verification of peer's authenctication data PASSED
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Check for EAP exchange
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started
*Feb 25 23:01:49.259: IKEv2:(SA ID = 1):Session with IKE ID PAIR (10.10.10.10, 10.10.10.3) is UP
*Feb 25 23:01:49.263: IKEv2:IKEv2 MIB tunnel started, tunnel index 1
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Checking for duplicate IKEv2 SA
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):No duplicate IKEv2 SA found
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Queuing IKE SA delete request reason: unknown
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Sending DELETE INFO message for IPsec SA [SPI: 0x5608A108]
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Building packet for encryption. 
Payload contents:
 DELETE
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Checking if request will fit in peer window

*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 9F8132B6DDF29858 Message id: 2
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR

*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Check for existing IPSEC SA
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Delete all IKE SAs
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Sending DELETE INFO message for IKEv2 SA [ISPI: 0x48746602F5031812 RSPI: 0x9F8132B6DDF29858]
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Building packet for encryption. 
Payload contents:
 DELETE
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Checking if request will fit in peer window
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Check for existing active SA
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Delete all IKE SAs

*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 9F8132B6DDF29858 Message id: 2
IKEv2 INFORMATIONAL Exchange RESPONSE
Payload contents:
 

*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Processing ACK to informational exchange
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Check for existing IPSEC SA
*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Delete all IKE SAs

*Feb 25 23:01:49.263: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 9F8132B6DDF29858 Message id: 3
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR
 

*Feb 25 23:01:49.267: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 48746602F5031812 - Responder SPI : 9F8132B6DDF29858 Message id: 3
IKEv2 INFORMATIONAL Exchange RESPONSE
Payload contents:
 DELETE

*Feb 25 23:01:49.267: IKEv2:(SA ID = 1):Processing ACK to informational exchange
*Feb 25 23:01:49.267: IKEv2:(SA ID = 1):Deleting SA
R1#
*Feb 25 23:02:19.227: IKEv2:% Getting preshared key from profile keyring KEY
*Feb 25 23:02:19.227: IKEv2:% Matched peer block 'ASA1'
*Feb 25 23:02:19.227: IKEv2:Searching Policy with fvrf 0, local address 10.10.10.1
*Feb 25 23:02:19.227: IKEv2:Found Policy 'TEST'
*Feb 25 23:02:19.227: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 2
*Feb 25 23:02:19.227: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Feb 25 23:02:19.227: IKEv2:(SA ID = 1):Request queued for computation of DH key
*Feb 25 23:02:19.227: IKEv2:IKEv2 initiator - no config data to send in IKE_SA_INIT exch
*Feb 25 23:02:19.227: IKEv2:(SA ID = 1):Generating IKE_SA_INIT message
*Feb 25 23:02:19.227: IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 4
   AES-CBC   SHA256   SHA256   DH_GROUP_1024_MODP/Group 2

*Feb 25 23:02:19.227: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
 SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)

*Feb 25 23:02:19.227: IKEv2:(SA ID = 1):Insert SA

*Feb 25 23:02:19.231: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 9440A6ADAB3F206E Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
Payload contents:
 SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) VID

*Feb 25 23:02:19.231: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message
*Feb 25 23:02:19.231: IKEv2:(SA ID = 1):Verify SA init message
*Feb 25 23:02:19.231: IKEv2:(SA ID = 1):Processing IKE_SA_INIT message
*Feb 25 23:02:19.231: IKEv2:(SA ID = 1):Checking NAT discovery
*Feb 25 23:02:19.231: IKEv2:(SA ID = 1):NAT not found
*Feb 25 23:02:19.231: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 2
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] DH key Computation PASSED
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Request queued for computation of DH secret
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):[IKEv2 -> Crypto Engine] Calculate SKEYSEED and create rekeyed IKEv2 SA
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):[Crypto Engine -> IKEv2] SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Completed SA init exchange
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Check for EAP exchange
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Generate my authentication data
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Use preshared key for id 10.10.10.3, key len 5
*Feb 25 23:02:19.255: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
*Feb 25 23:02:19.255: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Get my authentication method
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):My authentication method is 'PSK'
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Check for EAP exchange
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Generating IKE_AUTH message
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Constructing IDi payload: '10.10.10.3' of type 'IPv4 address'
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):ESP Proposal: 1, SPI size: 4 (IPSec negotiation),
Num. transforms: 3
   AES-CBC   SHA96   Don't use ESN
*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Building packet for encryption. 
Payload contents:
 VID IDi AUTH SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS)

*Feb 25 23:02:19.255: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 9440A6ADAB3F206E Message id: 1
IKEv2 IKE_AUTH Exchange REQUEST
Payload contents:
 ENCR
 

*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 9440A6ADAB3F206E Message id: 1
IKEv2 IKE_AUTH Exchange RESPONSE
Payload contents:
 VID IDr AUTH NOTIFY(NO_PROPOSAL_CHOSEN)

*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Process auth response notify
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Searching policy based on peer's identity '10.10.10.10' of type 'IPv4 address'
*Feb 25 23:02:19.259: IKEv2:Searching Policy with fvrf 0, local address 10.10.10.1
*Feb 25 23:02:19.259: IKEv2:Found Policy 'TEST'
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Verify peer's policy
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Peer's policy verified
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Get peer's authentication method
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Peer's authentication method is 'PSK'
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Get peer's preshared key for 10.10.10.10
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Verify peer's authentication data
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Use preshared key for id 10.10.10.10, key len 5
*Feb 25 23:02:19.259: IKEv2:[IKEv2 -> Crypto Engine] Generate IKEv2 authentication data
*Feb 25 23:02:19.259: IKEv2:[Crypto Engine -> IKEv2] IKEv2 authentication data generation PASSED
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Verification of peer's authenctication data PASSED
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Check for EAP exchange
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):IKEV2 SA created; inserting SA into database. SA lifetime timer (86400 sec) started
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Session with IKE ID PAIR (10.10.10.10, 10.10.10.3) is UP
*Feb 25 23:02:19.259: IKEv2:IKEv2 MIB tunnel started, tunnel index 1
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Checking for duplicate IKEv2 SA
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):No duplicate IKEv2 SA found
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Queuing IKE SA delete request reason: unknown
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Sending DELETE INFO message for IPsec SA [SPI: 0xB266654B]
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Building packet for encryption. 
Payload contents:
 DELETE
*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Checking if request will fit in peer window

*Feb 25 23:02:19.259: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 9440A6ADAB3F206E Message id: 2
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR

*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Check for existing IPSEC SA
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Delete all IKE SAs
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Sending DELETE INFO message for IKEv2 SA [ISPI: 0x8E39F3B81DD7B834 RSPI: 0x9440A6ADAB3F206E]
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Building packet for encryption. 
Payload contents:
 DELETE
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Checking if request will fit in peer window
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Check for existing active SA
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Delete all IKE SAs

*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 9440A6ADAB3F206E Message id: 2
IKEv2 INFORMATIONAL Exchange RESPONSE
Payload contents:
 

*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Processing ACK to informational exchange
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Check for existing IPSEC SA
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Delete all IKE SAs

*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Sending Packet [To 10.10.10.10:500/From 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 9440A6ADAB3F206E Message id: 3
IKEv2 INFORMATIONAL Exchange REQUEST
Payload contents:
 ENCR
 

*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Received Packet [From 10.10.10.10:500/To 10.10.10.1:500/VRF i0:f0]
Initiator SPI : 8E39F3B81DD7B834 - Responder SPI : 9440A6ADAB3F206E Message id: 3
IKEv2 INFORMATIONAL Exchange RESPONSE
Payload contents:
 DELETE

*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Processing ACK to informational exchange
*Feb 25 23:02:19.263: IKEv2:(SA ID = 1):Deleting SA
R1#
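An added example, not part of the original post: a Python triage pass over the ASA `IKEv2-PROTO` debug format shown above that extracts each `EV_NO_PROP_CHOSEN` event together with the received and expected ESP proposals, the peer's traffic selectors, and whether the IKE SA was inserted and later freed. The sample input is an excerpt of lines copied from the trace above; `triage` and the finding field names are this example's own.

```python
import re

# Excerpt copied from the ASA debug in the post above, trimmed to the failing exchange.
ASA_DEBUG = """\
IKEv2-PROTO-4: Exchange type: IKE_AUTH, flags: INITIATOR
IKEv2-PROTO-4: Message id: 0x1, length: 272
 TSi  Next payload: TSr, reserved: 0x0, length: 24
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start addr: 1.1.1.0, end addr: 1.1.1.255
 TSr  Next payload: NOTIFY, reserved: 0x0, length: 24
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start addr: 3.3.3.0, end addr: 3.3.3.255
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_PROC_SA_TS
IKEv2-PROTO-1: (10): Failed to find a matching policy
IKEv2-PROTO-1: (10): Received Policies:
ESP: Proposal 1:  AES-CBC-128 SHA96

IKEv2-PROTO-1: (10): Failed to find a matching policy
IKEv2-PROTO-1: (10): Expected Policies:
IKEv2-PROTO-5: (10): Failed to verify the proposed policies
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_PROP_CHOSEN
IKEv2-PROTO-2: (10): Sending no proposal chosen notify
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_INSERT_IKE
IKEv2-PROTO-5: (10): SM Trace-> SA: I_SPI=95110AEB2DB55B1E R_SPI=781732A709335C26 (I) MsgID = 00000001 CurState: DELETE Event: EV_FREE_SA
"""

LOG_PREFIX = re.compile(r"^IKEv2-PROTO-\d+:")
SM_TRACE = re.compile(
    r"I_SPI=(?P<ispi>[0-9A-F]{16}) R_SPI=(?P<rspi>[0-9A-F]{16}) \([IR]\) "
    r"MsgID = (?P<msgid>[0-9A-F]{8}) CurState: (?P<state>\S+) Event: (?P<event>\S+)"
)
EXCHANGE = re.compile(r"Exchange type: (\w+)")
POLICY_HDR = re.compile(r"(Received|Expected) Policies:\s*$")
TS_PAYLOAD = re.compile(r"^(TSi|TSr)\b")
TS_RANGE = re.compile(r"start addr: ([\d.]+), end addr: ([\d.]+)")


def triage(text):
    """Return one finding per EV_NO_PROP_CHOSEN event in an ASA IKEv2 debug."""
    findings, by_sa = [], {}
    exchange, collecting, ts_name = None, None, None
    policies = {"Received": [], "Expected": []}
    selectors = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not LOG_PREFIX.match(line):
            # Unprefixed lines are payload dumps or proposal continuation lines.
            if collecting:
                policies[collecting].append(" ".join(line.split()))
            elif TS_PAYLOAD.match(line):
                ts_name = line.split()[0]
            elif ts_name and (m := TS_RANGE.search(line)):
                selectors[ts_name] = (m[1], m[2])
            continue
        collecting = None  # any prefixed line ends a proposal listing
        if m := POLICY_HDR.search(line):
            collecting = m[1]
            policies[collecting] = []
        elif m := EXCHANGE.search(line):
            # A new message header starts a fresh set of traffic selectors.
            exchange, selectors, ts_name = m[1], {}, None
        elif m := SM_TRACE.search(line):
            key = (m["ispi"], m["rspi"])
            if m["event"] == "EV_NO_PROP_CHOSEN":
                finding = {
                    "ispi": m["ispi"],
                    "rspi": m["rspi"],
                    "msg_id": int(m["msgid"], 16),
                    "exchange": exchange,
                    "state": m["state"],
                    "received": list(policies["Received"]),
                    "expected": list(policies["Expected"]),
                    "traffic_selectors": dict(selectors),
                    "ike_sa_inserted": False,
                    "ike_sa_deleted": False,
                }
                findings.append(finding)
                by_sa[key] = finding
                policies = {"Received": [], "Expected": []}
            elif key in by_sa and m["event"] == "EV_INSERT_IKE":
                by_sa[key]["ike_sa_inserted"] = True
            elif key in by_sa and m["event"] == "EV_FREE_SA":
                by_sa[key]["ike_sa_deleted"] = True
    return findings


if __name__ == "__main__":
    for f in triage(ASA_DEBUG):
        print(f)
```

On this trace the finding carries a populated `received` list and an empty `expected` list for an `IKE_AUTH` exchange whose IKE SA was inserted and then freed, which places the mismatch in the ESP (child SA) proposal rather than in the IKE policy.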
