IPsec VIDs
Hello
I would like to make a list with Vendor IDs, their Hex values and their purpose.
I am not aware of any document that mentions their usage and values so I would like to make one.
The reason for this is that in some outputs (e.g. 'capture CAP type isakmp' or 'debug crypto ikev1 255') on ASA you see only the Hex values of the VID.
I will make the beginning by combining outputs from the above debug commands along with Wireshark captures and list some of the VIDs and their usage. Please feel free to continue the update/correction of the list:
Vendor ID
Data (In Hex): 09 00 26 89 df d6 b7 12
Name: draft-beaulieu-ike-xauth-02.txt (XAUTH)
Usage: In my opinion this VID informs the Responder that the Initiator is using Aggressive mode.
Data (In Hex): af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
Name: RFC 3706 Detecting Dead IKE Peers (DPD)
Usage: In my opinion this VID informs the Responder that the Initiator supports DPD.
Data (In Hex): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 80 00 00 00
Name: Cisco Fragmentation
Usage: ?
Data (In Hex): 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Name: draft-ietf-ipsec-nat-t-ike-02\n
Usage: Advertises the capability of the device to support NAT-T (NAT Traversal Support)
Data (In Hex): 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Name: CISCO-UNITY-1.0
Usage: ?
Regards
Mikis Zafeiroudis
If your connections are breaking due to NAT/IPSEC-being-blocked issues, then SSL VPNs have a better chance as 443 is rarely blocked. But if your IPSEC VPN is properly setup with NAT-T and keepalives, they should work through most networks.
You need to post more details about the existing issues to comment further.
Regards
Farrukh
Similar Messages
-
RV042G VPN - How to connect with Windows 7 IPsec client?
Hello,
I'm trying to use the Windows 7 VPN client, to connect to my RV042G. Here are some Screenshots of my router's and Windows' configuration:
I tried different other configurations, too, but each time, I get a lot of errors on the router. The upper configuration results in the following:
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: received Vendor ID payload [RFC 3947]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: received Vendor ID payload [RFC 3947]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [fb1de3cdf341b7ea16b7e5be0855f120]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: ignoring Vendor ID payload [e3a5966a76379fe707228231e5ce8652]
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Feb 13 14:58:05 2014 VPN Log packet from 192.168.1.24:500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: responding to Main Mode from unknown peer 192.168.1.24
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM
Feb 13 14:58:05 2014 Kernel last message repeated 5 times
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: OAKLEY_GROUP_MODP2048 is not enabled for this connection. Attribute OAKLEY_GROUP_DESCRIPTION
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Peer ID is ID_IPV4_ADDR: '192.168.1.24'
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sent MR3, ISAKMP SA established
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: cannot respond to IPsec SA request because no connection is known for 78.52.27.132:17/1701...192.168.1.24[[email protected]]:17/1701
Feb 13 14:58:05 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_ID_INFORMATION to 192.168.1.24:500
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:07 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:10 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:10 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:10 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:14 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:14 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:14 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:22 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:22 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:22 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:38 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:38 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x00000001 (perhaps this is a duplicated packet)
Feb 13 14:58:38 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: sending encrypted notification INVALID_MESSAGE_ID to 192.168.1.24:500
Feb 13 14:58:52 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: received Delete SA payload: deleting ISAKMP State #89
Feb 13 14:58:52 2014 VPN Log (c2gips0)[2] 192.168.1.24 #89: received Delete SA payload: deleting ISAKMP State #89
Feb 13 14:58:52 2014 VPN Log (c2gips0)[2] 192.168.1.24: deleting connection (c2gips0) instance with peer 192.168.1.24 {isakmp=#0/ipsec=#0}
Does anyone know, how to configure the router and Windows 7, to get a working VPN tunnel?
Thanks.Ok, I could find the time, to try this out. I followed this instruction: https://www.shrew.net/support/Howto_Linksys and it works.
There is at last one Problem: I can't access computers behind the remote router from the connected client. The client can see the remote router and computers behind the remote router can see the connected client using the IP-adress, I used for shrewsoft.
I tried to ping some remote PCs from the client, but I get timeout messages. Ping is enabled on all devices. There are no log errors on the router. I tried to add the remote router on the client as a standard gateway, and I decativated the router's firewall, but without success.
Does anyone know, why the communication just works in one direction? -
IPSEC tunnel sa local ident is an odd IP range
I am setting up for the first time a tunnell from my ASA 5505 to an ISA 2006 server. I have a successful connection between the two devices, but what seems for only a certain IP range. show crypto ipsec sa shows local ident (192.168.100.16/255.255.255.240/0/0). It has been like this since I set up the tunnel, a few days ago, then this morning there is another SA that has local ident (192.168.100.64/255.255.255.192/0/0). Everything acts as it should between boths ends of the tunnel from devices within these ip subnets.
The subnet should be 192.168.100.0 255.255.255.0, how can I fix this?
asa# show crypto ipsec sa
interface: outside
Crypto map tag: outside_map, seq num: 1, local addr: xxx.xxx.xxx.193
access-list outside_1_cryptomap permit ip DG-office 255.255.255.0 Colo 25
.255.255.0
local ident (addr/mask/prot/port): (192.168.100.16/255.255.255.240/0/0)
remote ident (addr/mask/prot/port): (Colo/255.255.255.0/0/0)
current_peer: xxx.xxx.xxx.162
#pkts encaps: 39963, #pkts encrypt: 39963, #pkts digest: 39963
#pkts decaps: 38308, #pkts decrypt: 38308, #pkts verify: 38308
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 39963, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: xxx.xxx.xxx.193, remote crypto endpt.: xxx.xxx.xxx.162
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 8959F8CC
inbound esp sas:
spi: 0x3F356DCF (1060466127)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92667/2268)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0x8959F8CC (2304374988)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92660/2268)
IV size: 8 bytes
replay detection support: Y
Crypto map tag: outside_map, seq num: 1, local addr: xxx.xxx.xxx.193
access-list outside_1_cryptomap permit ip DG-office 255.255.255.0 Colo 25
.255.255.0
local ident (addr/mask/prot/port): (192.168.100.64/255.255.255.192/0/0)
remote ident (addr/mask/prot/port): (Colo/255.255.255.0/0/0)
current_peer: xxx.xxx.xxx.162
#pkts encaps: 69, #pkts encrypt: 69, #pkts digest: 69
#pkts decaps: 67, #pkts decrypt: 67, #pkts verify: 67
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 69, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: xxx.xxx.xxx.193, remote crypto endpt.: xxx.xxx.xxx.162
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: B1A6CD86
inbound esp sas:
spi: 0xA5593A3C (2774088252)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92762/2814)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0xB1A6CD86 (2980498822)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 2, crypto-map: outside_map
sa timing: remaining key lifetime (kB/sec): (92766/2814)
IV size: 8 bytes
replay detection support: YHere I increased the debug level to 255 and initiated the tunnel from the ISA side.
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.07.16 15:13:19 =~=~=~=~=~=~=~=~=~=~=~=
VIREasa#
VIREasa# ena
^
ERROR: % Invalid input detected at '^' marker.
VIREasa# ena
^
ERROR: % Invalid input detected at '^' marker.
VIREasa# clear crypto isakmp sa
VIREasa# debug crypto condition peer XXX.XXX.XXX.162
^
ERROR: % Invalid input detected at '^' marker.
VIREasa# debug crypto isakmp 255
VIREasa# debug crypto ipsec 255
VIREasa# Jul 16 10:37:06 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE Initiator: New Phase 1, Intf inside, IKE Peer XXX.XXX.XXX.162 local Proxy Address 192.168.100.0, remote Proxy Address 10.1.245.0, Crypto map (outside_map)
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing ISAKMP SA payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing Fragmentation VID + extended capabilities payload
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + NONE (0) total length : 108
SENDING PACKET to XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: 00 00 00 00 00 00 00 00
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 108
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Group Description: Group 2
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 00 70 80
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 24
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
c0 00 00 00
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
01 10 02 00 00 00 00 00 00 00 00 a8 0d 00 00 38 | ...............8
00 00 00 01 00 00 00 01 00 00 00 2c 01 01 00 01 | ...........,....
00 00 00 24 01 01 00 00 80 01 00 05 80 02 00 02 | ...$............
80 04 00 02 80 03 00 01 80 0b 00 01 00 0c 00 04 | ................
00 00 70 80 0d 00 00 18 1e 2b 51 69 05 99 1c 7d | ..p......+Qi...}
7c 96 fc bf b5 87 e4 61 00 00 00 04 0d 00 00 14 | |......a........
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | @H..n...%......
0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ........>.in.c..
ec 42 7b 1f 00 00 00 14 72 87 2b 95 fc da 2e b7 | .B{.....r.+.....
08 ef e3 22 11 9b 49 71 | ..."..Iq
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Security Association
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 168
Payload Security Association
Next Payload: Vendor ID
Reserved: 00
Payload Length: 56
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 44
Proposal #: 1
Protocol-Id: PROTO_ISAKMP
SPI Size: 0
# of transforms: 1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: KEY_IKE
Reserved2: 0000
Encryption Algorithm: 3DES-CBC
Hash Algorithm: SHA1
Group Description: Group 2
Authentication Method: Preshared key
Life Type: seconds
Life Duration (Hex): 00 00 70 80
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data (In Hex):
1e 2b 51 69 05 99 1c 7d 7c 96 fc bf b5 87 e4 61
00 00 00 04
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
72 87 2b 95 fc da 2e b7 08 ef e3 22 11 9b 49 71
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 168
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing SA payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Oakley proposal is acceptable
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Received Fragmentation VID
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Received NAT-Traversal ver 02 VID
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing ke payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing nonce payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing Cisco Unity VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing xauth V6 VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Send IOS VID
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, constructing VID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 256
SENDING PACKET to XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 256
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
20 ef 0c b5 34 72 9c d0 e7 04 57 3d c1 24 33 18
61 7b 4c 20 22 4f 21 35 03 9e f2 32 f4 00 93 dd
48 e5 75 70 88 84 59 e8 25 15 e6 7f 34 78 36 7b
fc ef c5 af 08 f7 84 42 ae 2f 2c bb 1f a5 28 c6
76 3d c5 96 72 e0 17 de 18 e9 65 37 b0 8d 8f ca
de 12 14 49 2d 92 2e c2 0f 75 82 ef e6 14 83 99
c3 34 f4 3f b1 18 b7 47 ec da 1f af 8a d3 4f c7
a6 8d be ab 06 f3 e9 b6 62 4b 92 aa 84 ea fd 1a
Payload Nonce
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
1d fd 28 53 fc e8 e3 a2 8e 45 13 6a f0 eb 35 ed
60 e9 b4 34
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 12
Data (In Hex): 09 00 26 89 df d6 b7 12
Payload Vendor ID
Next Payload: Vendor ID
Reserved: 00
Payload Length: 20
Data (In Hex):
42 2e e9 4b 4d c6 d9 2a 0a 4f d8 e6 97 31 29 31
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
1f 07 f7 0e aa 65 14 d3 b0 fa 96 54 2a 50 01 00
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
04 10 02 00 00 00 00 00 00 00 00 b8 0a 00 00 84 | ................
08 da ec 1d 50 67 35 31 dd 86 2e 10 8a 06 f9 5a | ....Pg51.......Z
15 b8 21 8f 41 78 91 6e 6a 58 69 9e 51 b2 3e c8 | ..!.Ax.njXi.Q.>.
f2 73 66 c6 dc 96 fc 02 c3 a8 4f 50 8c 39 c8 2e | .sf.......OP.9..
f1 ee f9 19 c3 b5 c8 19 2e d3 59 64 bb 78 19 a8 | ..........Yd.x..
ff e4 02 a6 82 a4 2c 73 ba 9a 7a c3 7b 3b 25 d9 | ......,s..z.{;%.
7b d5 e0 52 a5 c6 fb 5e b7 42 8e 5d 93 7d 83 c5 | {..R...^.B.].}..
91 8f 7d f9 4f 05 66 4b 6c c0 da bc 80 44 a5 1b | ..}.O.fKl....D..
da f4 34 03 3a a2 bd 24 6a 9c ff 47 3c f3 ba e8 | ..4.:..$j..G<...
00 00 00 18 1a bf f9 d7 92 92 38 1f 1f 37 48 18 | ..........8..7H.
e2 84 c9 5e 86 2c c8 e8 | ...^.,..
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Key Exchange
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 184
Payload Key Exchange
Next Payload: Nonce
Reserved: 00
Payload Length: 132
Data:
08 da ec 1d 50 67 35 31 dd 86 2e 10 8a 06 f9 5a
15 b8 21 8f 41 78 91 6e 6a 58 69 9e 51 b2 3e c8
f2 73 66 c6 dc 96 fc 02 c3 a8 4f 50 8c 39 c8 2e
f1 ee f9 19 c3 b5 c8 19 2e d3 59 64 bb 78 19 a8
ff e4 02 a6 82 a4 2c 73 ba 9a 7a c3 7b 3b 25 d9
7b d5 e0 52 a5 c6 fb 5e b7 42 8e 5d 93 7d 83 c5
91 8f 7d f9 4f 05 66 4b 6c c0 da bc 80 44 a5 1b
da f4 34 03 3a a2 bd 24 6a 9c ff 47 3c f3 ba e8
Payload Nonce
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
1a bf f9 d7 92 92 38 1f 1f 37 48 18 e2 84 c9 5e
86 2c c8 e8
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NONE (0) total length : 184
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing ke payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing ISA_KE payload
Jul 16 10:37:06 [IKEv1 DEBUG]: IP = XXX.XXX.XXX.162, processing nonce payload
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, Connection landed on tunnel_group XXX.XXX.XXX.162
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Generating keys for Initiator...
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing ID payload
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing hash payload
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Computing hash for ISAKMP
Jul 16 10:37:06 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing dpd vid payload
Jul 16 10:37:06 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
05 10 02 00 00 00 00 00 1c 00 00 00 08 00 00 0c | ................
01 11 01 f4 ad 0f 76 c1 0d 00 00 18 7b 35 df 40 | ......v.....{5.@
d0 10 31 39 3a 14 72 50 cb ff 48 de c4 f1 9d e2 | ..19:.rP..H.....
00 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | ........h...k...
77 57 01 00 | wW..
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (none)
MessageID: 00000000
Length: 469762048
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 17
Port: 500
ID Data: YYY.YYY.YYY
Payload Hash
Next Payload: Vendor ID
Reserved: 00
Payload Length: 24
Data:
7b 35 df 40 d0 10 31 39 3a 14 72 50 cb ff 48 de
c4 f1 9d e2
Payload Vendor ID
Next Payload: None
Reserved: 00
Payload Length: 20
Data (In Hex):
af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
SENDING PACKET to XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 84
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
05 10 02 01 00 00 00 00 00 00 00 44 ed 48 40 6f | ...........D.H@o
aa 8e b8 5a b3 59 f7 d8 cc 4e e9 a7 d3 d1 0a 04 | ...Z.Y...N......
ca cf 7f 53 11 d9 ea e7 fa eb 2f ad cf 85 fc d8 | ..S....../.....
d0 00 1e 11 | ....
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 68
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Identification
Version: 1.0
Exchange Type: Identity Protection (Main Mode)
Flags: (Encryption)
MessageID: 00000000
Length: 68
Payload Identification
Next Payload: Hash
Reserved: 00
Payload Length: 12
ID Type: IPv4 Address (1)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: XXX.XXX.XXX.162
Payload Hash
Next Payload: None
Reserved: 00
Payload Length: 24
Data:
9d 85 c6 d1 37 3d 5e df 25 22 2c 01 1f f8 4d 42
e5 51 da ed
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 64
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing ID payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, ID_IPV4_ADDR ID received
XXX.XXX.XXX.162
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Computing hash for ISAKMP
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, Connection landed on tunnel_group XXX.XXX.XXX.162
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Freeing previously allocated memory for authorization-dn-attributes
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Oakley begin quick mode
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator starting QM: msg id = d034947b
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, PHASE 1 COMPLETED
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, Keep-alive type for this connection: None
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, Keep-alives configured on but peer does not support keep-alives (type = None)
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Starting P1 rekey timer: 21600 seconds.
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC: New embryonic SA created @ 0x03F0A668,
SCB: 0x03E6B0D0,
Direction: inbound
SPI : 0xAC3E784B
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE got SPI from key engine: SPI = 0xac3e784b
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, oakley constucting quick mode
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec nonce payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing proxy ID
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Transmitting Proxy Id:
Local subnet: 192.168.100.0 mask 255.255.255.0 Protocol 0 Port 0
Remote subnet: 10.1.245.0 Mask 255.255.255.0 Protocol 0 Port 0
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator sending Initial Contact
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing qm hash payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator sending 1st QM pkt: msg id = d034947b
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=d034947b) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 196
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 00 7b 94 34 d0 1c 00 00 00 01 00 00 18 | .. .{.4.........
3f 10 13 8a 47 5e 02 06 75 50 d3 43 26 14 5f 12 | ?...G^..uP.C&._.
dd 0f 3c fa 0a 00 00 3c 00 00 00 01 00 00 00 01 | ..<....<........
00 00 00 30 01 03 04 01 ac 3e 78 4b 00 00 00 24 | ...0.....>xK...$
01 03 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00 02 | .....FP.........
05 00 00 18 53 e8 3e 40 01 c5 64 9e 79 39 ea 39 | ....S.>@..d.y9.9
ab a6 0d 55 14 26 f1 49 05 00 00 10 04 00 00 00 | ...U.&.I........
c0 a8 64 00 ff ff ff 00 0b 00 00 10 04 00 00 00 | ..d.............
0a 01 f5 00 ff ff ff 00 00 00 00 1c 00 00 00 01 | ................
01 10 60 02 b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d | ..`...NVM..*.@.]
bc 96 49 67 | ..Ig
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (none)
MessageID: 7B9434D0
Length: 469762048
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
3f 10 13 8a 47 5e 02 06 75 50 d3 43 26 14 5f 12
dd 0f 3c fa
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 60
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 48
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: ac 3e 78 4b
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: ESP_3DES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
53 e8 3e 40 01 c5 64 9e 79 39 ea 39 ab a6 0d 55
14 26 f1 49
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: DG-office/255.255.255.0
Payload Identification
Next Payload: Notification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: Colo/255.255.255.0
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 28
DOI: IPsec
Protocol-ID: PROTO_ISAKMP
Spi Size: 16
Notify Type: STATUS_INITIAL_CONTACT
SPI:
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 05 01 ee d1 a5 04 00 00 00 44 26 c1 f7 cc | ...........D&...
ec 14 8f 80 ff d0 08 ae ab 96 92 b3 56 2b 07 7c | ............V+.|
c5 e5 77 ec 2e 15 6e 56 d2 5d 33 37 4d fc bb 7d | ..w...nV.]37M..}
e8 98 2b c1 | ..+.
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: EED1A504
Length: 68
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: EED1A504
Length: 68
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
53 20 d4 29 bd 19 4a b1 f6 65 f7 c4 e8 6d 5c af
cf fa ea b5
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 16
DOI: IPsec
Protocol-ID: PROTO_IPSEC_ESP
Spi Size: 4
Notify Type: INVALID_ID_INFO
SPI: 00 00 00 00
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=eed1a504) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 68
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing notify payload
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received non-routine Notify message: Invalid ID info (18)
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 01 a2 7b cd 29 00 00 00 ac 19 db 72 b1 | .. ..{.)......r.
04 b4 77 94 93 8c 06 d2 9e 67 f7 ab c1 23 19 74 | ..w......g...#.t
e5 f6 92 4a 61 7b 62 93 2e 75 18 b6 c3 53 89 74 | ...Ja{b..u...S.t
d7 f9 b3 2e 6d 0f 9e 9c 26 4a b0 1e 6d 05 be 7f | ....m...&J..m..
e1 60 fa f1 34 c9 af d8 5c dd b5 71 a9 8c 80 77 | .`..4...\..q...w
7a ad b4 2e 72 a9 df d2 d1 cd 61 a6 02 5c 08 4f | z...r.....a..\.O
74 18 3e db 0e 4e 9d 8b a2 03 48 c2 a3 9e 30 de | t.>..N....H...0.
d6 93 fb df 34 fc e4 9c 28 59 bb b8 a6 d9 62 4d | ....4...(Y....bM
35 8c c4 65 78 03 a6 db cc 7f 33 7e eb ff 9e b3 | 5..ex....3~....
6f 11 7b aa 56 cf 74 48 58 45 1c c0 | o.{.V.tHXE..
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: A27BCD29
Length: 172
Jul 16 10:37:07 [IKEv1 DECODE]: IP = XXX.XXX.XXX.162, IKE Responder starting QM: msg id = a27bcd29
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: A27BCD29
Length: 172
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
9c 15 1c c7 d7 e6 b5 91 c6 8e 1b d6 b2 4c c7 63
ee 9f 60 3e
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 64
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 52
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: de 9f df a1
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 40
Transform #: 1
Transform-Id: ESP_3DES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 00 00 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
ed 0a 2d a8 d8 f0 80 aa c6 19 bf 9e bb d3 68 18
0c 40 15 96
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: Colo/255.255.255.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: 192.168.100.16/255.255.255.240
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=a27bcd29) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 172
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing nonce payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing ID payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, ID_IPV4_ADDR_SUBNET ID received--10.1.245.0--255.255.255.0
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received remote IP Proxy Subnet data in ID Payload: Address 10.1.245.0, Mask 255.255.255.0, Protocol 0, Port 0
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing ID payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, ID_IPV4_ADDR_SUBNET ID received--192.168.100.16--255.255.255.240
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received local IP Proxy Subnet data in ID Payload: Address 192.168.100.16, Mask 255.255.255.240, Protocol 0, Port 0
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, QM IsRekeyed old sa not found by addr
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Static Crypto Map check, checking map = outside_map, seq = 1...
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Static Crypto Map check, map outside_map, seq = 1 is a successful match
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Remote Peer configured for crypto map: outside_map
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing IPSec SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IPSec SA Proposal # 1, Transform # 1 acceptable Matches global IPSec SA entry # 1
Jul 16 10:37:07 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE: requesting SPI!
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC: New embryonic SA created @ 0x0406CF98,
SCB: 0x03E3BE78,
Direction: inbound
SPI : 0x8B032DDE
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE got SPI from key engine: SPI = 0x8b032dde
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, oakley constucting quick mode
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec SA payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec nonce payload
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing proxy ID
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Transmitting Proxy Id:
Remote subnet: 10.1.245.0 Mask 255.255.255.0 Protocol 0 Port 0
Local subnet: 192.168.100.16 mask 255.255.255.240 Protocol 0 Port 0
Jul 16 10:37:07 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing qm hash payload
Jul 16 10:37:07 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Responder sending 2nd QM pkt: msg id = a27bcd29
Jul 16 10:37:07 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=a27bcd29) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 168
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 00 29 cd 7b a2 1c 00 00 00 01 00 00 18 | .. .).{.........
db fb e2 21 78 0a 66 2b b4 92 0f 63 80 bd ee b5 | ...!x.f+...c....
1a b6 be d1 0a 00 00 3c 00 00 00 01 00 00 00 01 | .......<........
00 00 00 30 01 03 04 01 8b 03 2d de 00 00 00 24 | ...0......-....$
01 03 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00
IKE Recv RAW packet dump
b7 e9 Jul 16 10:37:07 [IKEv1]IPSEC: New embryonic SA created @ 0x03F64B78,
SCB: 0x03F74178,
Direction: outbound
SPI : 0xDE9FDFA1
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
IPSEC: Completed host OBSA update, SPI 0xDE9FDFA1
IPSEC: Creating outbound VPN context, SPI 0xDE9FDFA1
Flags: 0x00000005
SA : 0x03F64B78
SPI : 0xDE9FDFA1
MTU : 1500 bytes
VCID : 0x00000000
Peer : 0x00000000
SCB : 0x03F74178
Channel: 0x0174FC00
IPSEC: Increment SA NP ref counter for outbound SPI 0xDE9FDFA1, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:5166)
IPSEC: Completed outbound VPN context, SPI 0xDE9FDFA1
VPN handle: 0x053ADADC
IPSEC: Increment SA NP ref counter for outbound SPI 0xDE9FDFA1, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:4257)
Jul 16 10:37:09 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
Jul 16 10:37:15 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:18 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:21 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
Jul 16 10:37:27 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: D034947B
Length: 196
Jul 16 10:37:39 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, QM FSM error (P2 struct &0x3f0cf28, mess id 0xd034947b)!
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE QM Initiator FSM error history (struct &0x3f0cf28) , : QM_DONE, EV_ERROR-->QM_WAIT_MSG2, EV_TIMEOUT-->QM_WAIT_MSG2, NullEvent-->QM_SND_MSG1, EV_SND_MSG-->QM_SND_MSG1, EV_START_TMR-->QM_SND_MSG1, EV_RESEND_MSG-->QM_WAIT_MSG2, EV_TIMEOUT-->QM_WAIT_MSG2, NullEvent
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, sending delete/delete with reason message
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:39 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, construct_ipsec_delete(): No SPI to identify Phase 2 SA!
Jul 16 10:37:39 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Deleting SA: Remote Proxy 10.1.245.0, Local Proxy 192.168.100.0
Jul 16 10:37:39 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Removing peer from correlator table failed, no match!
IPSEC: Received a PFKey message from IKE
IPSEC: Destroy current inbound SPI: 0xAC3E784B
Jul 16 10:37:39 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xac3e784b
Jul 16 10:37:40 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
Jul 16 10:37:40 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator: New Phase 2, Intf inside, IKE Peer XXX.XXX.XXX.162 local Proxy Address 192.168.100.0, remote Proxy Address 10.1.245.0, Crypto map (outside_map)
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Oakley begin quick mode
Jul 16 10:37:40 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator starting QM: msg id = 51890662
IPSEC: Received a PFKey message from IKE
IPSEC: Parsing PFKey GETSPI message
IPSEC: Creating IPsec SA
IPSEC: Getting the inbound SPI
IPSEC: New embryonic SA created @ 0x03F0A668,
SCB: 0x03E6B0D0,
Direction: inbound
SPI : 0xF14B8E07
Session ID: 0x00000023
VPIF num : 0x00000002
Tunnel type: l2l
Protocol : esp
Lifetime : 240 seconds
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE got SPI from key engine: SPI = 0xf14b8e07
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, oakley constucting quick mode
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing blank hash payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec SA payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing IPSec nonce payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing proxy ID
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Transmitting Proxy Id:
Local subnet: 192.168.100.0 mask 255.255.255.0 Protocol 0 Port 0
Remote subnet: 10.1.245.0 Mask 255.255.255.0 Protocol 0 Port 0
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, constructing qm hash payload
Jul 16 10:37:40 [IKEv1 DECODE]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, IKE Initiator sending 1st QM pkt: msg id = 51890662
Jul 16 10:37:40 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE SENDING Message (msgid=51890662) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 168
BEFORE ENCRYPTION
RAW PACKET DUMP on SEND
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 20 00 62 06 89 51 1c 00 00 00 01 00 00 18 | .. .b..Q........
d1 63 d0 1c f2 fe 51 54 ed 50 52 e5 15 97 11 61 | .c....QT.PR....a
bc cf 89 bf 0a 00 00 3c 00 00 00 01 00 00 00 01 | .......<........
00 00 00 30 01 03 04 01 f1 4b 8e 07 00 00 00 24 | ...0.....K.....$
01 03 00 00 80 01 00 01 80 02 0e 10 80 01 00 02 | ................
00 02 00 04 00 46 50 00 80 04 00 01 80 05 00 02 | .....FP.........
05 00 00 18 dc d3 97 00 48 5b e9 d4 05 af ef 1d | ........H[......
5c 3f bd b4 06 e5 ad 4c 05 00 00 10 04 00 00 00 | \?.....L........
c0 a8 64 00 ff ff ff 00 00 00 00 10 04 00 00 00 | ..d.............
0a 01 f5 00 ff ff ff 00 | ........
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (none)
MessageID: 62068951
Length: 469762048
Payload Hash
Next Payload: Security Association
Reserved: 00
Payload Length: 24
Data:
d1 63 d0 1c f2 fe 51 54 ed 50 52 e5 15 97 11 61
bc cf 89 bf
Payload Security Association
Next Payload: Nonce
Reserved: 00
Payload Length: 60
DOI: IPsec
Situation:(SIT_IDENTITY_ONLY)
Payload Proposal
Next Payload: None
Reserved: 00
Payload Length: 48
Proposal #: 1
Protocol-Id: PROTO_IPSEC_ESP
SPI Size: 4
# of transforms: 1
SPI: f1 4b 8e 07
Payload Transform
Next Payload: None
Reserved: 00
Payload Length: 36
Transform #: 1
Transform-Id: ESP_3DES
Reserved2: 0000
Life Type: Seconds
Life Duration (Hex): 0e 10
Life Type: Kilobytes
Life Duration (Hex): 00 46 50 00
Encapsulation Mode: Tunnel
Authentication Algorithm: SHA1
Payload Nonce
Next Payload: Identification
Reserved: 00
Payload Length: 24
Data:
dc d3 97 00 48 5b e9 d4 05 af ef 1d 5c 3f bd b4
06 e5 ad 4c
Payload Identification
Next Payload: Identification
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: DG-office/255.255.255.0
Payload Identification
Next Payload: None
Reserved: 00
Payload Length: 16
ID Type: IPv4 Subnet (4)
Protocol ID (UDP/TCP, etc...): 0
Port: 0
ID Data: Colo/255.255.255.0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 51890662
Length: 172
IKE Recv RAW packet dump
b7 e9 4e 56 4d c7 d9 2a b3 40 f6 5d bc 96 49 67 | ..NVM..*.@.]..Ig
08 10 05 01 50 d5 d4 b3 00 00 00 44 6b 63 20 72 | ....P......Dkc r
fc 1c c8 af 22 61 8f ae f0 9c 5c 41 1d 80 b1 6e | ...."a....\A...n
75 46 65 1c 9d 8e 51 5b d0 f7 82 d8 88 9b 49 e9 | uFe...Q[......I.
42 5f a2 a8 | B_..
RECV PACKET from XXX.XXX.XXX.162
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 50D5D4B3
Length: 68
AFTER DECRYPTION
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Informational
Flags: (Encryption)
MessageID: 50D5D4B3
Length: 68
Payload Hash
Next Payload: Notification
Reserved: 00
Payload Length: 24
Data:
a8 07 00 a6 3c 57 dd 50 49 a7 5e e0 55 ab 01 f3
65 29 9e 9b
Payload Notification
Next Payload: None
Reserved: 00
Payload Length: 16
DOI: IPsec
Protocol-ID: PROTO_IPSEC_ESP
Spi Size: 4
Notify Type: INVALID_ID_INFO
SPI: 00 00 00 00
Jul 16 10:37:40 [IKEv1]: IP = XXX.XXX.XXX.162, IKE_DECODE RECEIVED Message (msgid=50d5d4b3) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 68
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing hash payload
Jul 16 10:37:40 [IKEv1 DEBUG]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, processing notify payload
Jul 16 10:37:40 [IKEv1]: Group = XXX.XXX.XXX.162, IP = XXX.XXX.XXX.162, Received non-routine Notify message: Invalid ID info (18)
Jul 16 10:37:43 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
ISAKMP Header
Initiator COOKIE: b7 e9 4e 56 4d c7 d9 2a
Responder COOKIE: b3 40 f6 5d bc 96 49 67
Next Payload: Hash
Version: 1.0
Exchange Type: Quick Mode
Flags: (Encryption)
MessageID: 51890662
Length: 172
Jul 16 10:37:49 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0
VIREasa#
VIREasa# no debug crypto isakmp 255
VIREasa# no debug crypto ipsec 255
VIREasa# -
Hi!
We engaged in transportation vehicles Ford. Now we create a VPN tunnel with Ipsec support from Ford. VPN tunnel is raised on the basis of Linkys Befvp41. The tunnel is configured and connected. But in logs i see some errors. I don't know that errors. Log:
00:01:38 IKE[12] Tx >> MM_I1 : 0.0.0.0 Error !
00:02:00 IKE[12] Tx >> MM_I1 : 0.0.0.0 Error !
2012-06-05 18:51:40 IKE[12] Tx >> MM_I1 : 0.0.0.0 Error !
2012-06-05 18:52:10 IKE[12] Tx >> MM_I1 : 0.0.0.0 Error !
2012-06-05 18:52:40 IKE[12] Tx >> MM_I1 : 0.0.0.0 Error !
2012-06-05 18:53:10 IKE[12] Tx >> MM_I1 : 0.0.0.0 Error !
2012-06-05 18:53:35 IKE[1] Tx >> MM_I1 : 136.8.33.17 SA
2012-06-05 18:53:35 IKE[1] Rx << MM_R1 : 136.8.33.17 SA, VID
2012-06-05 18:53:35 IKE[1] ISAKMP SA CKI=[67face6c d8c78307] CKR=[b32f54b0 f73043dd]
2012-06-05 18:53:35 IKE[1] ISAKMP SA 3DES / SHA / PreShared / MODP_1024 / 86400 sec (*86400 sec)
2012-06-05 18:53:35 IKE[1] Tx >> MM_I2 : 136.8.33.17 KE, NONCE
2012-06-05 18:53:36 IKE[1] Rx << MM_R2 : 136.8.33.17 KE, NONCE, VID, VID, VID, VID
2012-06-05 18:53:36 IKE[1] Tx >> MM_I3 : 136.8.33.17 ID, HASH
2012-06-05 18:53:37 IKE[1] Rx << MM_R3 : 136.8.33.17 ID, HASH, VID
2012-06-05 18:53:37 IKE[1] Tx >> QM_I1 : 136.8.33.17 HASH, SA, NONCE, ID, ID
2012-06-05 18:53:37 IKE[1] Rx << QM_R1 : 136.8.33.17 HASH, SA, NONCE, ID, ID
2012-06-05 18:53:37 IKE[1] Tx >> QM_I2 : 136.8.33.17 HASH
2012-06-05 18:53:37 IKE[1] ESP_SA 3DES / SHA / 3600 sec (*3600 sec) / SPI=[65f2e68f:3b4694df]
2012-06-05 18:53:37 IKE[1] Set up ESP tunnel with 136.8.33.17 Success !
2012-06-05 18:53:40 IKE[12] Tx >> MM_I1 : 0.0.0.0 Error !
Further, I do not know how to set up Ipsec with support NAT, because Ford only works with white ip addresses on the Internet. Can you send some information to set up ipsec with nat? Thank you.Thank you for you replies there are 2 options either easy vpn client but it requires cisco at the other end ...or that one:
crypto keyring spokes
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp profile L2L
description LAN-to-LAN for spoke router(s) connection
keyring spokes
match identity address 0.0.0.0
here is the cisco url link where u can find further information about it:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801dddbb.shtml
I m gonna test those 2 options
I still don t know how to push acl with easy vpn client and remote mode.
thank you for your advices
regards,
alex
regards,
alex -
Hi Everybody
is there a doc or white paper that explain step by step how configure ipsec under solaris 10
Thankshttp://docs.sun.com
-
Dúvida no fluxo do processo de rejeição/recusa
Bom dia, pessoal,
Embora tenha participado de alguns projetos de nota fiscal eletrônica, uma coisa nunca ficou muito clara para mim. Estou em um novo projeto agora e eu queria fazer da melhor forma possível.
A primeira dúvida é sobre Recusa/Rejeição. Basicamente qual a diferença entre os dois? Eu sempre entendi que uma nota é rejeitada pela SEFAZ, e recusada pela validação do GRC ou do outro sistema de mensageria. Essa abordagem está correta?
A segunda dúvida é sobre essa mesma validação. Quando o GRC, ou outro sistema encontra erros de sintaxe do arquivo, ou de qualquer informação, qual deve ser o status dessa nota? Ela deve ficar como recusada? E o status de comunicação do sistema?
Quando uma nota fiscal está recusada, qual o melhor fluxo? Considerando que o erro foi apontado pelo sistema de mensageria e não pela SEFAZ, a nota fiscal não pode ser cancelada. O sistema também não permite o estorno da nota, nem mesmo depois de resetar seu status . Uma vez eu debuguei e vi que é porque ela está numerada.
Meu último problema é sobre inutilização. Alem do report, existe alguma outra forma de fazer a inutilização, direto pelo monitor? Penso em fazer isso justamente quando uma nota está recusada/rejeitada sem ter ido para o SEFAZ. Daí usaríamos a própria entrada dela, no monitor, para solicitar a inutilização da numeração.
É Isso...
Obrigado,
Fernando FussiBom dia Fernando,
Esta dúvida é comum principalmente que boa parte dos projetos (no início) não fez a implementação de NF-e por Support Package mas por aplicação de notas, então os termos originais Rejected and Denied foram traduzidos de forma diferente em cada projeto (a SAP só entrega traduções por SP), isso deu margem a boa confusão no tema.
A primeira dúvida é sobre Recusa/Rejeição. Basicamente qual a diferença entre os dois?
Existe rejeição (2xx, 4xx,999) e denegação (301 / 302)
- Na rejeição a Sefaz rejeita por algum dado incorreto e não deixa salvo no banco de dados dela, você deve tentar corrigir e enviar quantas vezes necessário
- Na denegação é uma situação específica que o emissor ou o destinatário estão com irregularidade fiscal junto à Receita, neste caso a NF-e é armazenada na base da Sefaz e não deve ser novamente enviada (o ERP ao receber a denegação dispara o cancelamento automaticamente)
Eu sempre entendi que uma nota é rejeitada pela SEFAZ, e recusada pela validação do GRC ou do outro sistema de mensageria. Essa abordagem está correta?
- Sim, a rejeição da validação é devido a algo que provocaria uma rejeição da Sefaz se enviado você também pode tentar acertar até passar pelo validador/Sefaz
A segunda dúvida é sobre essa mesma validação. Quando o GRC, ou outro sistema encontra erros de sintaxe do arquivo, ou de qualquer informação, qual deve ser o status dessa nota?Ela deve ficar como recusada? E o status de comunicação do sistema?
- Sim, rejeitado pelo validador MSS=V DOCSTAT=vazio (o ERP não considera que a rejeição do validador tem peso igual a validação da Sefaz, porém pro processo é a mesma coisa que no ERP tem status específicos)
Veja detalhes sobre status e situações aqui:
Status do SAP Nota Fiscal Eletrônica (ERP x GRC x PI)
ou em inglês:
NF-e Status on SAP Nota Fiscal Electronica Solution (ERP x GRC x PI)
Quando uma nota fiscal está recusada, qual o melhor fluxo? Considerando que o erro foi apontado pelo sistema de mensageria e não pela SEFAZ
- Em linhas gerais o fluxo básico seria RESET + tentar corrigir o que o GRC ou a Sefaz informaram + NF-e -> Send
, a nota fiscal não pode ser cancelada. O sistema também não permite o estorno da nota, nem mesmo depois de resetar seu status . Uma vez eu debuguei e vi que é porque ela está numerada.
- Em um ERP e GRC corretamente atualizado com os SP's e notas isso não é normal em cada caso a causa raiz deve ser encontrada e sanada com notas ou chamado à SAP
Meu último problema é sobre inutilização. Alem do report, existe alguma outra forma de fazer a inutilização, direto pelo monitor?
- Que report? O de encontrar gaps? Este report é para sanar um side effect quando os clientes não implementaram ainda o decouple. Hoje em dia todos os clientes devem implementar o decouple job para evitar vários transtornos como (gaps (já não dá mais medo), NF-e autorizada no GRC/Sefaz e não existe no ERP (isso é terrível), inconsistência de transmissão (dados obtidos em memória X dados obtidos do banco)....
- Inutilização é direto no monitor, que situação está descrevendo?
Penso em fazer isso justamente quando uma nota está recusada/rejeitada sem ter ido para o SEFAZ. Daí usaríamos a própria entrada dela, no monitor, para solicitar a inutilização da numeração.
- não entendi. Hoje uma nota Rejected seja pela Sefaz ou pelo validador deve ser cancelada pelo monitor J1BNFE. Entendi errado sua pergunta?
- Existe também uma nova funcionalidade "Cancel Prior Authorization" que permite o cancelamento de uma NF-e antes mesmo dela ter sido numerada
Atenciosamente, Fernando Da Ró -
Dúvida no Preenchimento dos campos PREFNO / CHECOD em NFS-e de SP
Olá Pessoal,
Estou a procura de informações sobre a solução para nota fiscal eletronica de serviços da prefeitura de São Paulo, pesquisando no forum pouco encontrei sobre a nota 981687 - NFe: For Services in Muncipio Sao Paulo.
A SAP disponibilizou os dois campos PREFNO / CHECOD para o numero da nota fiscal e código de verificação gerados pela prefeitura (uma vez que o SAP deve gerar o número da RPS), além de um report para geração do arquivo TXT e envio manual.
Minha dúvida é a seguinte:
1) Após enviar o arquivo para a prefeitura, são convertias as RPS em Notas Fiscais Eletronicas. Como armazenar as informações nos campos standards mencionados ? Existe um outro report que le o arquivo de retorno da prefeitura ?
Outra dúvida está na procura de uma sugestão, onde o RPS pode ter até 12 posições e o NFNUM do SAP apenas 6. Vcs estão utilizando outro campo Z para compor o numero maior ? Ou como esta fazendo quando o RPS atingir 999.999 ? Pensei en usar o NFENUM, mas teria o mesmo problema quando atingir o limite de 9 posições (999.999.999).
Muito obrigado pela atenção e ajuda.A_cristovao ,
Vamos ver se posso lhe ajudar em algo:
1) Após enviar o arquivo para a prefeitura, são convertias as RPS em Notas Fiscais Eletronicas. Como armazenar as informações nos campos standards mencionados ? Existe um outro report que le o arquivo de retorno da prefeitura ?
Resposta: Em alguns projetos que passei, consultei os abaps e sempre foi desenvolvido um programa Z para ler este arquivo e fazer um BDC na J1B2N, porem sua categoria de nota não dever ser eletrônica, aqueles dois campos flag no cabeçalho NF eletronica e NF servico, apenas o último(serviço) marcado para o BDC entrar e conseguir mapear o campo com o NFSe e cod verificador.
2) Outra dúvida está na procura de uma sugestão, onde o RPS pode ter até 12 posições e o NFNUM do SAP apenas 6. Vcs estão utilizando outro campo Z para compor o numero maior ? Ou como esta fazendo quando o RPS atingir 999.999 ? Pensei en usar o NFENUM, mas teria o mesmo problema quando atingir o limite de 9 posições (999.999.999).
Resposta: Esse estamos usando o NFNUM mesmo, não chegamos a nos preocupar com isso devido ser um volume baixo de NFS, talvez um chamado no componente XX-CSC-BR-NFE lhe ajude.
Abraço,
Bruno Lima -
Dúvida no cancelamento de uma NFe Rejeitada
Boa tarde a todos,
Estou com uma dúvida quanto ao processo de cancelamento de uma NFe rejeitada e agradeço antecipadamente a colaboração dos colegas aqui do forum que possam ter passado por situação semelhante.
Temos o seguinte cenário: implementação SAP ECC 6.0 (SP13), já foram aplicadas uma série de notas dos SP14, SP15 e SP16 para resolver outros problemas que surgiram ao longo do projeto. O sistema de mensageria não é o GRC SAP, o cliente optou pela solução da Mastersaf.
O problema ocorre quando o usuário cancela uma NFe (opção "Solicitar Estorno") que está rejeitada pela validação da mensageria (NFe sem CPF do cliente, por exemplo). Como esta NFe não foi enviada à SEFAZ, o sistema interpreta o cancelamento como uma inutilização de número. Até este ponto tudo perfeito, o procedimento é correto, segundo nosso entendimento. O problema é que ao consultar a inutilização, tanto no sistema Mastersaf quanto na SEFAZ, o número inutilizado foi o número aleatório (DOCNUM9) e não o número da NFe (NFENUM).
Debugando a rotina, descobrimos que o "problema" está no módulo de função J_1B_NFE_SEND_REQUESTS, onde há uma linha onde a rotina move o número aleatório para a estrutura que irá gerar o XML para a mensageria ("xmlh-nnf = ls_acttab-docnum9.").
A pergunta é se isso está correto ou se é um bug da função? Procurei por alguma nota OSS que tratasse isso mas não encontrei nada.
Vocês já se depararam com essa situação?
Um abraço,
Rinaldo ConteBom dia Rinaldo,
Talvez este problema esteja limitado ao R/3 NFe x MasterSAF. Como a interface chamada é a de inutilização, entende-se que já ocorreu uma tentativa de envio ( o que envia o NNF corretamente ). Então ao solicitar a inutilização a mensageria poderia partir deste NNF correto para proceder a inutilização.
De qualquer forma, parece que você encontrou um bug no envio de dados à interface de inutilização.
Discuta este ponto com o fornecedor da mensageria, pode ser necessário abrir chamado à SAP para modificação.
Atenciosamente,
Fernando Da Ró -
Bom dia pessoal,
Estou com uma dúvida aqui:
Estamos implementando o cenário B2B para notas de entrada. O cenário NFB2B_WebAS_Inbound_B2B_NFe, será implementado para pegar arquivos XML de um diretório X da rede.
Gostaria de confirmar se, os dados do XML serão armazenados diretamente na tabela /XNFE/XMLIN. O proxy para este cenário está implementado diretamente pelo pacote SLL-NFE ?
Precisaremos também, dar entrada nas NFes a partir dos XMLs. Será necessário fazer um XSLT Transformation para utilizar os dados armazenados na string da tabela /XNFE/XMLIN (para enviá-los ao R/3) ?
Estamos na versão 1.0.
Abraços e muito obrigada,
Luciana RossanOlá Luciana,
sim, existe um proxy standard para entrada (recebimento) dos XMLs no NFE 1.0 e, sim, se vc entra o XML por esse proxy ele já armazena o documento.
Quanto à entrada no ERP, aconselho a considerar a implementação do SAP NFE Incoming (módulo de recebimento automatico) incluído no NFE 10.0. Veja mais detalhes aqui:
Abs,
Henrique. -
Dúvida sobre a fase de processamento em paralelo
Boa tarde pessoal,
Estou configurando / testando o processo de geração de XML em paralelo à NF modelo 1. Meu cenário aqui no cliente é a geração do XML no ECC 6.0, SP13, com a mensageria Mastersaf.
Segui os passos descritos na documentação oficial da SAP, criando um tipo de mensagem que dispara a impressão da NF tradicional e adicionalmente executa o programa J_1BNFEXMLOUTPARALLEL. Também foram aplicadas as notas SAP relevantes para o processo, 1. 1238295 / 2. 1240212 / 3. 1255450 / 4. 1257030 / 5. 1254565 / 6. 1276438.
O XML está sendo gerado com sucesso e o sistema Mastersaf está recebendo o arquivo perfeitamente e enviando-o à SEFAZ com êxito.
A partir daí começaram minhas dúvidas:
1. Como vou monitorar o processo no ECC, pois no momento da geração do XML, nenhuma informação é armazenada na tabela J_1BNFE_ACTIVE. Será que está faltando alguma configuração ou nota a ser aplicada? Busquei informações a respeito no help da SAP, mas não encontrei nada.
2. Percebi também que o XML de entrada está gerando uma entrada na tabela J_1BNFE_INVALID. Ok, faz todo o sentido, pois como o RFC não encontrou o registro na tabela J_1BNFE_ACTIVE, ele grava erro nesta tabela de inválidos. Será que é por esta tabela que irei monitorar o processo? Terei que gerar uma consulta (abap ou query) para disponibilizar ao usuário?
Toda ajuda é benvinda, obrigado antecipadamente.
Rinaldo ConteBom dia Rinaldo,
Suas considerações sobre o paralelo no R/3 estão corretas. Processos completos de emissão, impressão, cancelamento/inutilização só são suportados fora do paralelo.
A fase de emissão em paralelo que consiste em NF modelo 1/1A oficial com transmissão da NF como se fosse NF-e à Sefaz homologação não é controlado pelo R/3.
Serve para você simular o funcionamento do R/3 e mensageria em ambiente produtivo (cliente) com Sefaz (homologação). Neste caso, as mensagens não devem ser reenviadas ao R/3 pois serão todas recusadas.
A tabela J_1BNFE_INVALID contém todas as linhas recusadas pelo R/3, no caso, linhas de paralelo irão 100% para ela.
Minha sugestão é que você utilize a fase paralelo para treinar a equipe no trato com problemas de entrega/processamento à Sefaz e ponto. Nada em relação ao R/3.
Atenciosamente,
Fernando Da Ró -
Bom dia ALL,
Tenho algumas dúvidas a levantar em relação ao B2B - XML Email.
Primeiro ponto)
Caso o fornecedor envie uma nota fiscal que esta em duplicidade, usando ou não a solução GRC, vou receber duas vezes na caixa de e-mail ? Se isso acontecer, vou possuir dois registros iguais no monitor de B2B ?
Segundo ponto)
Caso o cliente reenvie os e-mails, o PI vai reler os arquivos xml´s na caixa de email, e isso vai me gerar duplidicade no monitor de B2B ? Ou vai cobrir o registro antigo ? Pois a chave de acesso vai ser a mesma , apenas os horários diferentes.
Terceiro ponto)
Caso o cliente me envie um e-mail com 5 xml´s em anexo, o PI verifica apenas um arquivo XML ou verifica todos e os registras no monitor de B2B ?
Se o cliente enviar 5 arquivos em anexo, é possível abrir cada arquivo ? Se for, precisa fazer alguma configuração de module ? Qual ?
Obrigado atenção.
Atenciosamente,O problema maior é que sao tantos "IFs" que acaba sendo praticamente impossivel tratar isso de maneira simples em um unico canal de comunicacao, usando apenas os modules/adapter standard.
Pra ter um tratamento geral, que consiga processar independente de como veio (1 ou + XMLs, zipado, etc.), vc vai precisar desenvolver um module que vai fazendo essa sequencia de IFs (inclusive, pode ateh incluir uma validacao pra ver se o XML é um XML valido de NFe).
Abs,
Henrique. -
VPN IPSEC - Contabilizar a utilização
Vocês saberiam me responder como faço para contabilizar o período de utilização de uma VPN IPSEC entre dois roteadores Cisco?
Antecipadamente grata,
AlineVocês saberiam me responder como faço para contabilizar o período de utilização de uma VPN IPSEC entre dois roteadores Cisco?
Antecipadamente grata,
Aline -
Dúvida - Classe de avaliação para bens não avaliados
Prezados,
Estamos com dúvidas em relação a necessidade de cadastro de classe de avaliação para bens não avaliados.
Estes tipos de materiais não avaliados (uso/consumo) precisam do cadastro da classe de avaliação?
Obrigado.Oi Raphael
Para determinar a classe de avaliação pelo grupo de mercadoria caso o material não tenha classe de avaliação definida na visão de contabilidade... utilize a tcode OMQW.
Dependente do objeto de classificação contábil.. FS00.
Abraço
Eduardo Chagas -
IPSec tunnel on sub-interface on ASA 5510
Hello All,
I working on a security solution using ASA firewall and need some technical advice on ASA. Is it possible to setup a IPSec tunnels on each subinterface of a physical interface on ASA 5510?
I would be greatul if someone please reply post this with some details.
Regards,
MudsHi Jennifer,
Thanks very much for your reply. I understand where you coming from, but the reason of using sub-interfaces is that, we have only one physical interface on the firewall connected to the MPLS cloud, and we need to setup a seperate IPSec tunnels for each client for security and integrity. In the current scenario, I have static peers and we can easily setup a static route to peer address.
Many thanks for your assistance, please feel free to to advise if you have any other suggestion.
Regards,
Muds -
Looking for help to set up l2tp Ipsec vpn on asa 5055
I am trying to set up a L2tp Ipsec vpn on asa 5055 and I am using windows 8.1 build in VPN client to connect to it. I got the following error. Anyone has experence please help.
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, All IPSec SA proposals found unacceptable!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending notify message
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing ipsec notify payload for msg id 1
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=6a50f8f9) with payloads : HDR + HASH (8) + NOTIFY (11) + NONE (0) total length : 84
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, QM FSM error (P2 struct &0xad6946b8, mess id 0x1)!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE QM Responder FSM error history (struct &0xad6946b8) <state>, <event>: QM_DONE, EV_ERROR-->QM_BLD_MSG2,
EV_NEGO_SA-->QM_BLD_MSG2, EV_IS_REKEY-->QM_BLD_MSG2, EV_CONFIRM_SA-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2,
EV_COMP_HASH
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Removing peer from correlator table failed, no match!
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 rcv'd Terminate: state MM_ACTIVE flags 0x00000042, refcnt 1, tuncnt 0
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, IKE SA MM:d8870fa5 terminating: flags 0x01000002, refcnt 0, tuncnt 0
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, sending delete/delete with reason message
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing blank hash payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing IKE delete payload
Apr 17 22:48:21 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = 209.171.88.81, constructing qm hash payload
Apr 17 22:48:21 [IKEv1]IP = 209.171.88.81, IKE_DECODE SENDING Message (msgid=232654dc) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Apr 17 22:48:21 [IKEv1]Group = DefaultRAGroup, IP = 209.171.88.81, Session is being torn down. Reason: Phase 2 Mismatch
I am new to this so I don't know what I should do next. ThanksHere it is. Thanks.
CL-T179-12IH# show run crypto
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint vpn
enrollment self
subject-name CN=174.142.90.17
crl configure
crypto ca trustpool policy
crypto ca certificate chain vpn
certificate 2d181c55
308201ff 30820168 a0030201 0202042d 181c5530 0d06092a 864886f7 0d010105
05003044 31163014 06035504 03130d31 37342e31 34322e39 302e3137 312a3028
06092a86 4886f70d 01090216 1b434c2d 54313739 2d313249 482e7072 69766174
65646e73 2e636f6d 301e170d 31353034 31363033 31393439 5a170d32 35303431
33303331 3934395a 30443116 30140603 55040313 0d313734 2e313432 2e39302e
3137312a 30280609 2a864886 f70d0109 02161b43 4c2d5431 37392d31 3249482e
70726976 61746564 6e732e63 6f6d3081 9f300d06 092a8648 86f70d01 01010500
03818d00 30818902 818100bf 797d1cc1 cfffc634 8c3b2a4b ce27b1c9 3fc3e026
4f6cd8f4 c9675aca b5176cef 7f3df142 35ba4e15 2613d34c 91bb5da3 14b34b6c
71e4ff44 f129046f 7f91e73f 2c9d42f9 93001559 ea6c71c1 1a848073 15da79f7
a41081ee b4cd3cc3 baa7a272 3a5fb32d 66dedee6 5994d4b2 ad9d7489 44ec9eb9
44038a2a 817e935f 1bb7ad02 03010001 300d0609 2a864886 f70d0101 05050003
8181002c 6cee9ae7 a037698a 5690aca1 f01c87db 04d9cbc6 65bda6dc a17fc4b6
b1fd419e 56df108f b06edfe6 ab5a5eb3 5474a7fe 58970da3 23e6bc6e 36ab8f62
d5c442bf 43581eb3 26b8cf26 6a667a8b ddd25a73 a094f0d0 65092ff8 d2a644d8
3d7da7ca efeb9e2f 84807fdf 0cf3d75e bcb65ba4 7b51cb49 f912f516 f95b5d86
da0e01
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint vpn
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
Maybe you are looking for
-
How can I resize my iTunes window if it's stuck?
Hi, Ever since I switched to the 15-inch Macbook Pro, my iTunes window doesn't fit in the actual screen and cuts off half way, showing only half of iTunes at a time. Because of this, I can't use the bottom-right corner to adjust it to the size I want
-
Change Location of Database at Runtime for Report based on a Command
Post Author: srr CA Forum: Crystal Reports I am using Crystal Reports Developer XI 11.5.8.826 - My database is MS Access 2003 I have created a report definition that is based on a query of multiple tables in the database, which is saved in Crystal Re
-
Hi I do have a strange problem. At F.01 whenever I run the report for Chart of Accounts ABCD,company code ABC & income statement CC02 the result is good.We can see the groupings and at the end of the summary there is income/loss for the company. But
-
Document Evaluations - Usage value MC45
Hi We are on R/3 Enterprise 470 and I am trying to get the Usage Value MC45 to give me valid results as we are using MC40 ABC to drive cycle counting. We seem to have OMJJ set up correctly against each movement type so as to update data for Document
-
Adobe Acrobat XI: Error Adobe Acrobat is not activated. Cannot create PDF File.
After installing Acrobat XI Pro on Windows 7 Ent. w/Office 2010. From MS Word, select Save as PDF, I recieve "Adobe Acrobat is not activated. Cannot create PDF file." Any and all troubleshooting has failed. Uninstall Acrobat, language packs, re-insta