API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 24th, 2015
970
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 78.28 KB | None | 0 0
raw download clone embed print report
  1. Sep 24 21:48:25 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  2.  
  3.  
  4. IKEv1 Recv RAW packet dump
  5. c1 99 fe 96 b6 55 28 24 00 00 00 00 00 00 00 00 | .....U($........
  6. 01 10 04 00 00 00 00 00 00 00 02 f8 04 00 01 24 | ...............$
  7. 00 00 00 01 00 00 00 01 00 00 01 18 01 01 00 08 | ................
  8. 03 00 00 24 01 01 00 00 80 0b 00 01 80 0c 0e 10 | ...$............
  9. 80 01 00 07 80 0e 01 00 80 03 fd e9 80 02 00 02 | ................
  10. 80 04 00 02 03 00 00 24 02 01 00 00 80 0b 00 01 | .......$........
  11. 80 0c 0e 10 80 01 00 07 80 0e 00 80 80 03 fd e9 | ................
  12. 80 02 00 02 80 04 00 02 03 00 00 24 03 01 00 00 | ...........$....
  13. 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 0e 01 00 | ................
  14. 80 03 fd e9 80 02 00 01 80 04 00 02 03 00 00 24 | ...............$
  15. 04 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | ................
  16. 80 0e 00 80 80 03 fd e9 80 02 00 01 80 04 00 02 | ................
  17. 03 00 00 20 05 01 00 00 80 0b 00 01 80 0c 0e 10 | ... ............
  18. 80 01 00 05 80 03 fd e9 80 02 00 02 80 04 00 02 | ................
  19. 03 00 00 20 06 01 00 00 80 0b 00 01 80 0c 0e 10 | ... ............
  20. 80 01 00 05 80 03 fd e9 80 02 00 01 80 04 00 02 | ................
  21. 03 00 00 20 07 01 00 00 80 0b 00 01 80 0c 0e 10 | ... ............
  22. 80 01 00 01 80 03 fd e9 80 02 00 02 80 04 00 02 | ................
  23. 00 00 00 20 08 01 00 00 80 0b 00 01 80 0c 0e 10 | ... ............
  24. 80 01 00 01 80 03 fd e9 80 02 00 01 80 04 00 02 | ................
  25. 0a 00 00 84 04 d6 ef a4 7b dc d0 f7 84 2c 6c dc | ........{....,l.
  26. e5 8c 74 0e 98 b4 b7 7f f9 7f 5e f7 cc e3 45 fb | ..t.....^...E.
  27. 8e 4e 3b d1 cd f4 35 b2 bd e8 5f 0b 9b 56 e1 97 | .N;...5..._..V..
  28. ed 4b 29 f8 7c a9 00 5c 58 d3 c8 2f 29 19 4a e1 | .K).|..\X../).J.
  29. c6 8c c1 f9 17 4d 28 d1 28 4b b2 85 dd c9 e9 e0 | .....M(.(K......
  30. ca d9 e0 3d bf d5 26 c2 79 b7 cc 84 03 49 15 0c | ...=..&.y....I..
  31. 31 29 2e 78 07 21 e4 f3 67 29 7b 16 2b 35 48 72 | 1).x.!..g){.+5Hr
  32. 5b 7d 8d 51 ed f7 e3 33 25 76 1a 67 b0 ec 5b db | [}.Q...3%v.g..[.
  33. f2 4f 86 d6 05 00 00 14 9e 84 68 ac 88 f9 bd 6b | .O........h....k
  34. f1 ec 52 80 9e 92 d5 d4 0d 00 00 0c 0b 00 00 00 | ..R.............
  35. 74 65 73 74 0d 00 00 18 40 48 b7 d5 6e bc e8 85 | [email protected]...
  36. 25 e7 de 7f 00 d6 c2 d3 80 00 00 00 0d 00 00 14 | %..............
  37. 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | J.....XE\W(...E/
  38. 0d 00 00 14 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 | ....M.y(..O..&!p
  39. d5 15 c6 62 0d 00 00 14 8f 8d 83 82 6d 24 6b 6f | ...b........m$ko
  40. c7 a8 a6 a4 28 c1 1d e8 0d 00 00 14 43 9b 59 f8 | ....(.......C.Y.
  41. ba 67 6c 4c 77 37 ae 22 ea b8 f5 82 0d 00 00 14 | .glLw7."........
  42. 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85 | M...m..4......r.
  43. 0d 00 00 14 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 | .......=.TV^.FE.
  44. c8 5c e3 ee 0d 00 00 14 99 09 b6 4e ed 93 7c 65 | .\.........N..|e
  45. 73 de 52 ac e9 52 fa 6b 0d 00 00 14 7d 94 19 a6 | s.R..R.k....}...
  46. 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | S..o,....R.V....
  47. cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | .`FC5.!.|...h..H
  48. 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ........>.in.c..
  49. ec 42 7b 1f 0d 00 00 0c 09 00 26 89 df d6 b7 12 | .B{.......&.....
  50. 0d 00 00 14 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 | ........Eqh.p-..
  51. 74 cc 01 00 00 00 00 14 af ca d7 13 68 a1 f1 c9 | t...........h...
  52. 6b 86 96 fc 77 57 01 00 | k...wW..
  53.  
  54. RECV PACKET from 192.168.2.100
  55. ISAKMP Header
  56. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  57. Responder COOKIE: 00 00 00 00 00 00 00 00
  58. Next Payload: Security Association
  59. Version: 1.0
  60. Exchange Type: Aggressive Mode
  61. Flags: (none)
  62. MessageID: 00000000
  63. Length: 4160880640
  64. Payload Security Association
  65. Next Payload: Key Exchange
  66. Reserved: 00
  67. Payload Length: 292
  68. DOI: IPsec
  69. Situation:(SIT_IDENTITY_ONLY)
  70. Payload Proposal
  71. Next Payload: None
  72. Reserved: 00
  73. Payload Length: 280
  74. Proposal #: 1
  75. Protocol-Id: PROTO_ISAKMP
  76. SPI Size: 0
  77. # of transforms: 8
  78. Payload Transform
  79. Next Payload: Transform
  80. Reserved: 00
  81. Payload Length: 36
  82. Transform #: 1
  83. Transform-Id: KEY_IKE
  84. Reserved2: 0000
  85. Life Type: seconds
  86. Life Duration (Hex): 0e 10
  87. Encryption Algorithm: AES-CBC
  88. Key Length: 256
  89. Authentication Method: XAUTH_INIT_PRESHRD
  90. Hash Algorithm: SHA1
  91. Group Description: Group 2
  92. Payload Transform
  93. Next Payload: Transform
  94. Reserved: 00
  95. Payload Length: 36
  96. Transform #: 2
  97. Transform-Id: KEY_IKE
  98. Reserved2: 0000
  99. Life Type: seconds
  100. Life Duration (Hex): 0e 10
  101. Encryption Algorithm: AES-CBC
  102. Key Length: 128
  103. Authentication Method: XAUTH_INIT_PRESHRD
  104. Hash Algorithm: SHA1
  105. Group Description: Group 2
  106. Payload Transform
  107. Next Payload: Transform
  108. Reserved: 00
  109. Payload Length: 36
  110. Transform #: 3
  111. Transform-Id: KEY_IKE
  112. Reserved2: 0000
  113. Life Type: seconds
  114. Life Duration (Hex): 0e 10
  115. Encryption Algorithm: AES-CBC
  116. Key Length: 256
  117. Authentication Method: XAUTH_INIT_PRESHRD
  118. Hash Algorithm: MD5
  119. Group Description: Group 2
  120. Payload Transform
  121. Next Payload: Transform
  122. Reserved: 00
  123. Payload Length: 36
  124. Transform #: 4
  125. Transform-Id: KEY_IKE
  126. Reserved2: 0000
  127. Life Type: seconds
  128. Life Duration (Hex): 0e 10
  129. Encryption Algorithm: AES-CBC
  130. Key Length: 128
  131. Authentication Method: XAUTH_INIT_PRESHRD
  132. Hash Algorithm: MD5
  133. Group Description: Group 2
  134. Payload Transform
  135. Next Payload: Transform
  136. Reserved: 00
  137. Payload Length: 32
  138. Transform #: 5
  139. Transform-Id: KEY_IKE
  140. Reserved2: 0000
  141. Life Type: seconds
  142. Life Duration (Hex): 0e 10
  143. Encryption Algorithm: 3DES-CBC
  144. Authentication Method: XAUTH_INIT_PRESHRD
  145. Hash Algorithm: SHA1
  146. Group Description: Group 2
  147. Payload Transform
  148. Next Payload: Transform
  149. Reserved: 00
  150. Payload Length: 32
  151. Transform #: 6
  152. Transform-Id: KEY_IKE
  153. Reserved2: 0000
  154. Life Type: seconds
  155. Life Duration (Hex): 0e 10
  156. Encryption Algorithm: 3DES-CBC
  157. Authentication Method: XAUTH_INIT_PRESHRD
  158. Hash Algorithm: MD5
  159. Group Description: Group 2
  160. Payload Transform
  161. Next Payload: Transform
  162. Reserved: 00
  163. Payload Length: 32
  164. Transform #: 7
  165. Transform-Id: KEY_IKE
  166. Reserved2: 0000
  167. Life Type: seconds
  168. Life Duration (Hex): 0e 10
  169. Encryption Algorithm: DES-CBC
  170. Authentication Method: XAUTH_INIT_PRESHRD
  171. Hash Algorithm: SHA1
  172. Group Description: Group 2
  173. Payload Transform
  174. Next Payload: None
  175. Reserved: 00
  176. Payload Length: 32
  177. Transform #: 8
  178. Transform-Id: KEY_IKE
  179. Reserved2: 0000
  180. Life Type: seconds
  181. Life Duration (Hex): 0e 10
  182. Encryption Algorithm: DES-CBC
  183. Authentication Method: XAUTH_INIT_PRESHRD
  184. Hash Algorithm: MD5
  185. Group Description: Group 2
  186. Payload Key Exchange
  187. Next Payload: Nonce
  188. Reserved: 00
  189. Payload Length: 132
  190. Data:
  191. 04 d6 ef a4 7b dc d0 f7 84 2c 6c dc e5 8c 74 0e
  192. 98 b4 b7 7f f9 7f 5e f7 cc e3 45 fb 8e 4e 3b d1
  193. cd f4 35 b2 bd e8 5f 0b 9b 56 e1 97 ed 4b 29 f8
  194. 7c a9 00 5c 58 d3 c8 2f 29 19 4a e1 c6 8c c1 f9
  195. 17 4d 28 d1 28 4b b2 85 dd c9 e9 e0 ca d9 e0 3d
  196. bf d5 26 c2 79 b7 cc 84 03 49 15 0c 31 29 2e 78
  197. 07 21 e4 f3 67 29 7b 16 2b 35 48 72 5b 7d 8d 51
  198. ed f7 e3 33 25 76 1a 67 b0 ec 5b db f2 4f 86 d6
  199. Payload Nonce
  200. Next Payload: Identification
  201. Reserved: 00
  202. Payload Length: 20
  203. Data:
  204. 9e 84 68 ac 88 f9 bd 6b f1 ec 52 80 9e 92 d5 d4
  205. Payload Identification
  206. Next Payload: Vendor ID
  207. Reserved: 00
  208. Payload Length: 12
  209. ID Type: ID_KEY_ID (11)
  210. Protocol ID (UDP/TCP, etc...): 0
  211. Port: 0
  212. ID Data: test
  213. Payload Vendor ID
  214. Next Payload: Vendor ID
  215. Reserved: 00
  216. Payload Length: 24
  217. Data (In Hex):
  218. 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
  219. 80 00 00 00
  220. Payload Vendor ID
  221. Next Payload: Vendor ID
  222. Reserved: 00
  223. Payload Length: 20
  224. Data (In Hex):
  225. 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
  226. Payload Vendor ID
  227. Next Payload: Vendor ID
  228. Reserved: 00
  229. Payload Length: 20
  230. Data (In Hex):
  231. 4d f3 79 28 e9 fc 4f d1 b3 26 21 70 d5 15 c6 62
  232. Payload Vendor ID
  233. Next Payload: Vendor ID
  234. Reserved: 00
  235. Payload Length: 20
  236. Data (In Hex):
  237. 8f 8d 83 82 6d 24 6b 6f c7 a8 a6 a4 28 c1 1d e8
  238. Payload Vendor ID
  239. Next Payload: Vendor ID
  240. Reserved: 00
  241. Payload Length: 20
  242. Data (In Hex):
  243. 43 9b 59 f8 ba 67 6c 4c 77 37 ae 22 ea b8 f5 82
  244. Payload Vendor ID
  245. Next Payload: Vendor ID
  246. Reserved: 00
  247. Payload Length: 20
  248. Data (In Hex):
  249. 4d 1e 0e 13 6d ea fa 34 c4 f3 ea 9f 02 ec 72 85
  250. Payload Vendor ID
  251. Next Payload: Vendor ID
  252. Reserved: 00
  253. Payload Length: 20
  254. Data (In Hex):
  255. 80 d0 bb 3d ef 54 56 5e e8 46 45 d4 c8 5c e3 ee
  256. Payload Vendor ID
  257. Next Payload: Vendor ID
  258. Reserved: 00
  259. Payload Length: 20
  260. Data (In Hex):
  261. 99 09 b6 4e ed 93 7c 65 73 de 52 ac e9 52 fa 6b
  262. Payload Vendor ID
  263. Next Payload: Vendor ID
  264. Reserved: 00
  265. Payload Length: 20
  266. Data (In Hex):
  267. 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
  268. Payload Vendor ID
  269. Next Payload: Vendor ID
  270. Reserved: 00
  271. Payload Length: 20
  272. Data (In Hex):
  273. cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
  274. Payload Vendor ID
  275. Next Payload: Vendor ID
  276. Reserved: 00
  277. Payload Length: 20
  278. Data (In Hex):
  279. 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
  280. Payload Vendor ID
  281. Next Payload: Vendor ID
  282. Reserved: 00
  283. Payload Length: 12
  284. Data (In Hex): 09 00 26 89 df d6 b7 12
  285. Payload Vendor ID
  286. Next Payload: Vendor ID
  287. Reserved: 00
  288. Payload Length: 20
  289. Data (In Hex):
  290. 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
  291. Payload Vendor ID
  292. Next Payload: None
  293. Reserved: 00
  294. Payload Length: 20
  295. Data (In Hex):
  296. af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
  297. Sep 24 21:48:25 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 760
  298. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing SA payload
  299. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing ke payload
  300. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing ISA_KE payload
  301. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing nonce payload
  302. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing ID payload
  303. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  304. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, Received Fragmentation VID
  305. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: False
  306. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  307. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, Received NAT-Traversal RFC VID
  308. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  309. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  310. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  311. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  312. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  313. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  314. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  315. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, Received NAT-Traversal ver 03 VID
  316. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  317. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  318. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, Received NAT-Traversal ver 02 VID
  319. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  320. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, Received xauth V6 VID
  321. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  322. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, Received Cisco Unity client VID
  323. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, processing VID payload
  324. Sep 24 21:48:25 [IKEv1 DEBUG]IP = 192.168.2.100, Received DPD VID
  325. Sep 24 21:48:25 [IKEv1]IP = 192.168.2.100, Connection landed on tunnel_group test
  326. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, processing IKE SA payload
  327. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, IKE SA Proposal # 1, Transform # 1 acceptable Matches global IKE entry # 2
  328. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing ISAKMP SA payload
  329. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing ke payload
  330. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing nonce payload
  331. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, Generating keys for Responder...
  332. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing ID payload
  333. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing hash payload
  334. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, Computing hash for ISAKMP
  335. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing Cisco Unity VID payload
  336. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing xauth V6 VID payload
  337. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing dpd vid payload
  338. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing NAT-Traversal VID ver RFC payload
  339. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing NAT-Discovery payload
  340. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, computing NAT Discovery hash
  341. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing NAT-Discovery payload
  342. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, computing NAT Discovery hash
  343. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing Fragmentation VID + extended capabilities payload
  344. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing VID payload
  345. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
  346. Sep 24 21:48:25 [IKEv1]IP = 192.168.2.100, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (20) + NAT-D (20) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 440
  347.  
  348. SENDING PACKET to 192.168.2.100
  349. ISAKMP Header
  350. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  351. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  352. Next Payload: Security Association
  353. Version: 1.0
  354. Exchange Type: Aggressive Mode
  355. Flags: (none)
  356. MessageID: 00000000
  357. Length: 3087073280
  358. Sep 24 21:48:25 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  359.  
  360.  
  361. IKEv1 Recv RAW packet dump
  362. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  363. 08 10 04 01 00 00 00 00 00 00 00 8c 4a 9f f1 10 | ............J...
  364. fb b1 06 d6 b4 bb 25 5e a3 ca 06 64 eb 85 3d 31 | ......%^...d..=1
  365. cc 66 ea ff 45 c5 e0 ee 9d d9 22 93 37 4b 21 ad | .f..E.....".7K!.
  366. fc 27 99 21 a9 99 c2 e9 2d 04 d5 c4 30 ca 3e 63 | .'.!....-...0.>c
  367. ed 6b 05 55 65 a7 70 12 df 43 22 6b a5 2f 4b 5d | .k.Ue.p..C"k./K]
  368. 3d ce 03 bf e1 8b 4e 97 4c 5f 3c 5f 0c dd 8f 9e | =.....N.L_<_....
  369. 03 0a dd a6 d6 bd c6 b5 68 a7 5d 9e ce 1f 97 27 | ........h.]....'
  370. c4 74 9a 0b 3f c7 2d f7 81 80 ed ee | .t..?.-.....
  371.  
  372. RECV PACKET from 192.168.2.100
  373. ISAKMP Header
  374. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  375. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  376. Next Payload: Hash
  377. Version: 1.0
  378. Exchange Type: Aggressive Mode
  379. Flags: (Encryption)
  380. MessageID: 00000000
  381. Length: 140
  382.  
  383. AFTER DECRYPTION
  384. ISAKMP Header
  385. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  386. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  387. Next Payload: Hash
  388. Version: 1.0
  389. Exchange Type: Aggressive Mode
  390. Flags: (Encryption)
  391. MessageID: 00000000
  392. Length: 140
  393. Payload Hash
  394. Next Payload: NAT-D
  395. Reserved: 00
  396. Payload Length: 24
  397. Data:
  398. 96 71 e9 a9 6f b8 71 ec 9d 8e b1 3c 8a 7e 07 91
  399. fd d4 38 d3
  400. Payload NAT-D
  401. Next Payload: NAT-D
  402. Reserved: 00
  403. Payload Length: 24
  404. Data:
  405. fc 7a 3e 9e 54 aa 3e ab 4e 70 9b c6 db 3d b4 a1
  406. da 3f 77 56
  407. Payload NAT-D
  408. Next Payload: Notification
  409. Reserved: 00
  410. Payload Length: 24
  411. Data:
  412. 42 65 ca b8 7a 56 fe 16 06 21 a3 f2 22 f4 be 5c
  413. c6 8e ce 4c
  414. Payload Notification
  415. Next Payload: None
  416. Reserved: 00
  417. Payload Length: 28
  418. DOI: IPsec
  419. Protocol-ID: PROTO_ISAKMP
  420. Spi Size: 16
  421. Notify Type: STATUS_INITIAL_CONTACT
  422. SPI:
  423. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a
  424. Sep 24 21:48:25 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NAT-D (20) + NAT-D (20) + NOTIFY (11) + NONE (0) total length : 128
  425. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, processing hash payload
  426. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, Computing hash for ISAKMP
  427. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, processing NAT-Discovery payload
  428. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, computing NAT Discovery hash
  429. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, processing NAT-Discovery payload
  430. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, computing NAT Discovery hash
  431. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, processing notify payload
  432. Sep 24 21:48:25 [IKEv1]Group = test, IP = 192.168.2.100, Automatic NAT Detection Status: Remote end is NOT behind a NAT device This end is NOT behind a NAT device
  433. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing blank hash payload
  434. Sep 24 21:48:25 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing qm hash payload
  435. Sep 24 21:48:25 [IKEv1]IP = 192.168.2.100, IKE_DECODE SENDING Message (msgid=d27a0bff) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72
  436.  
  437. BEFORE ENCRYPTION
  438. RAW PACKET DUMP on SEND
  439. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  440. 08 10 06 00 ff 0b 7a d2 1c 00 00 00 0e 00 00 18 | ......z.........
  441. 3c 0b d6 4d d4 83 4b 35 87 a2 01 07 e0 1f 9e 50 | <..M..K5.......P
  442. fb bb d8 6a 00 00 00 14 01 00 00 00 c0 88 00 00 | ...j............
  443. 40 89 00 00 40 8a 00 00 | @...@...
  444.  
  445. ISAKMP Header
  446. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  447. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  448. Next Payload: Hash
  449. Version: 1.0
  450. Exchange Type: Transaction
  451. Flags: (none)
  452. MessageID: D27A0BFF
  453. Length: 28
  454. Payload Hash
  455. Next Payload: Attributes
  456. Reserved: 00
  457. Payload Length: 24
  458. Data:
  459. 3c 0b d6 4d d4 83 4b 35 87 a2 01 07 e0 1f 9e 50
  460. fb bb d8 6a
  461. Payload Attributes
  462. Next Payload: None
  463. Reserved: 00
  464. Payload Length: 20
  465. type: ISAKMP_CFG_REQUEST
  466. Reserved: 00
  467. Identifier: 0000
  468. XAUTH Type: Generic
  469. XAUTH User Name: (empty)
  470. XAUTH User Password: (empty)
  471. Sep 24 21:48:32 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  472.  
  473.  
  474. IKEv1 Recv RAW packet dump
  475. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  476. 08 10 06 01 d2 7a 0b ff 00 00 00 5c 09 25 f9 1d | .....z.....\.%..
  477. e4 b4 eb d0 80 d0 c0 f5 5f 4f 8b a5 ab d5 87 d9 | ........_O......
  478. 50 36 67 a1 c2 00 87 2a 94 d6 6e 94 a3 d0 e0 bf | P6g....*..n.....
  479. 45 16 8d 56 3a f2 0c 7d c0 3b c5 7b 16 2d 4e 4f | E..V:..}.;.{.-NO
  480. 29 53 e3 49 93 01 b5 1a a2 25 8c aa | )S.I.....%..
  481.  
  482. RECV PACKET from 192.168.2.100
  483. ISAKMP Header
  484. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  485. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  486. Next Payload: Hash
  487. Version: 1.0
  488. Exchange Type: Transaction
  489. Flags: (Encryption)
  490. MessageID: D27A0BFF
  491. Length: 92
  492.  
  493. AFTER DECRYPTION
  494. ISAKMP Header
  495. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  496. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  497. Next Payload: Hash
  498. Version: 1.0
  499. Exchange Type: Transaction
  500. Flags: (Encryption)
  501. MessageID: D27A0BFF
  502. Length: 92
  503. Payload Hash
  504. Next Payload: Attributes
  505. Reserved: 00
  506. Payload Length: 24
  507. Data:
  508. be ec 0f 73 bb 42 60 8a 19 1e 58 8d a0 c5 fd fd
  509. 23 89 87 91
  510. Payload Attributes
  511. Next Payload: None
  512. Reserved: 00
  513. Payload Length: 28
  514. type: ISAKMP_CFG_REPLY
  515. Reserved: 00
  516. Identifier: 0000
  517. XAUTH User Name: (data not displayed)
  518. XAUTH User Password: (data not displayed)
  519. Sep 24 21:48:32 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=d27a0bff) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 80
  520. Sep 24 21:48:32 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, process_attr(): Enter!
  521. Sep 24 21:48:32 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, Processing MODE_CFG Reply attributes.
  522.  
  523. RADIUS packet decode (authentication request)
  524.  
  525. --------------------------------------
  526. Raw packet data (length = 251).....
  527. 01 33 00 fb ff ee 1c 4f 66 fb ca 35 59 1f 82 35 | .3.....Of..5Y..5
  528. 39 47 04 77 01 0a 6b 61 72 73 74 65 6e 73 02 12 | 9G.w..karstens..
  529. 0c a0 50 11 dc 28 79 28 b6 c4 00 d7 5c 1e e1 2c | ..P..(y(....\..,
  530. 05 06 00 07 f0 00 06 06 00 00 00 02 07 06 00 00 | ................
  531. 00 01 1e 0f 31 39 32 2e 31 36 38 2e 32 2e 31 32 | ....192.168.2.12
  532. 30 1f 0f 31 39 32 2e 31 36 38 2e 32 2e 31 30 30 | 0..192.168.2.100
  533. 3d 06 00 00 00 05 42 0f 31 39 32 2e 31 36 38 2e | =.....B.192.168.
  534. 32 2e 31 30 30 04 06 c0 a8 02 78 1a 31 00 00 00 | 2.100.....x.1...
  535. 09 01 2b 61 75 64 69 74 2d 73 65 73 73 69 6f 6e | ..+audit-session
  536. 2d 69 64 3d 30 61 30 61 30 31 30 31 30 30 30 37 | -id=0a0a01010007
  537. 66 30 30 30 35 36 30 34 36 66 61 39 1a 22 00 00 | f00056046fa9."..
  538. 00 09 01 1c 69 70 3a 73 6f 75 72 63 65 2d 69 70 | ....ip:source-ip
  539. 3d 31 39 32 2e 31 36 38 2e 32 2e 31 30 30 1a 0c | =192.168.2.100..
  540. 00 00 0c 04 92 06 74 65 73 74 1a 0c 00 00 0c 04 | ......test......
  541. 96 06 00 00 00 01 1a 15 00 00 00 09 01 0f 63 6f | ..............co
  542. 61 2d 70 75 73 68 3d 74 72 75 65 | a-push=true
  543.  
  544. Parsed packet data.....
  545. Radius: Code = 1 (0x01)
  546. Radius: Identifier = 51 (0x33)
  547. Radius: Length = 251 (0x00FB)
  548. Radius: Vector: FFEE1C4F66FBCA35591F823539470477
  549. Radius: Type = 1 (0x01) User-Name
  550. Radius: Length = 10 (0x0A)
  551. Radius: Value (String) =
  552. 6b 61 72 73 74 65 6e 73 | karstens
  553. Radius: Type = 2 (0x02) User-Password
  554. Radius: Length = 18 (0x12)
  555. Radius: Value (String) =
  556. 0c a0 50 11 dc 28 79 28 b6 c4 00 d7 5c 1e e1 2c | ..P..(y(....\..,
  557. Radius: Type = 5 (0x05) NAS-Port
  558. Radius: Length = 6 (0x06)
  559. Radius: Value (Hex) = 0x7F000
  560. Radius: Type = 6 (0x06) Service-Type
  561. Radius: Length = 6 (0x06)
  562. Radius: Value (Hex) = 0x2
  563. Radius: Type = 7 (0x07) Framed-Protocol
  564. Radius: Length = 6 (0x06)
  565. Radius: Value (Hex) = 0x1
  566. Radius: Type = 30 (0x1E) Called-Station-Id
  567. Radius: Length = 15 (0x0F)
  568. Radius: Value (String) =
  569. 31 39 32 2e 31 36 38 2e 32 2e 31 32 30 | 192.168.2.120
  570. Radius: Type = 31 (0x1F) Calling-Station-Id
  571. Radius: Length = 15 (0x0F)
  572. Radius: Value (String) =
  573. 31 39 32 2e 31 36 38 2e 32 2e 31 30 30 | 192.168.2.100
  574. Radius: Type = 61 (0x3D) NAS-Port-Type
  575. Radius: Length = 6 (0x06)
  576. Radius: Value (Hex) = 0x5
  577. Radius: Type = 66 (0x42) Tunnel-Client-Endpoint
  578. Radius: Length = 15 (0x0F)
  579. Radius: Value (String) =
  580. 31 39 32 2e 31 36 38 2e 32 2e 31 30 30 | 192.168.2.100
  581. Radius: Type = 4 (0x04) NAS-IP-Address
  582. Radius: Length = 6 (0x06)
  583. Radius: Value (IP Address) = 192.168.2.120 (0xC0A80278)
  584. Radius: Type = 26 (0x1A) Vendor-Specific
  585. Radius: Length = 49 (0x31)
  586. Radius: Vendor ID = 9 (0x00000009)
  587. Radius: Type = 1 (0x01) Cisco-AV-pair
  588. Radius: Length = 43 (0x2B)
  589. Radius: Value (String) =
  590. 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d 69 64 | audit-session-id
  591. 3d 30 61 30 61 30 31 30 31 30 30 30 37 66 30 30 | =0a0a01010007f00
  592. 30 35 36 30 34 36 66 61 39 | 056046fa9
  593. Radius: Type = 26 (0x1A) Vendor-Specific
  594. Radius: Length = 34 (0x22)
  595. Radius: Vendor ID = 9 (0x00000009)
  596. Radius: Type = 1 (0x01) Cisco-AV-pair
  597. Radius: Length = 28 (0x1C)
  598. Radius: Value (String) =
  599. 69 70 3a 73 6f 75 72 63 65 2d 69 70 3d 31 39 32 | ip:source-ip=192
  600. 2e 31 36 38 2e 32 2e 31 30 30 | .168.2.100
  601. Radius: Type = 26 (0x1A) Vendor-Specific
  602. Radius: Length = 12 (0x0C)
  603. Radius: Vendor ID = 3076 (0x00000C04)
  604. Radius: Type = 146 (0x92) Tunnel-Group-Name
  605. Radius: Length = 6 (0x06)
  606. Radius: Value (String) =
  607. 74 65 73 74 | test
  608. Radius: Type = 26 (0x1A) Vendor-Specific
  609. Radius: Length = 12 (0x0C)
  610. Radius: Vendor ID = 3076 (0x00000C04)
  611. Radius: Type = 150 (0x96) Client-Type
  612. Radius: Length = 6 (0x06)
  613. Radius: Value (Integer) = 1 (0x0001)
  614. Radius: Type = 26 (0x1A) Vendor-Specific
  615. Radius: Length = 21 (0x15)
  616. Radius: Vendor ID = 9 (0x00000009)
  617. Radius: Type = 1 (0x01) Cisco-AV-pair
  618. Radius: Length = 15 (0x0F)
  619. Radius: Value (String) =
  620. 63 6f 61 2d 70 75 73 68 3d 74 72 75 65 | coa-push=true
  621.  
  622. RADIUS packet decode (response)
  623.  
  624. --------------------------------------
  625. Raw packet data (length = 53).....
  626. 0b 33 00 35 bb 4d a1 35 01 a1 35 a1 0b ea 87 c7 | .3.5.M.5..5.....
  627. f8 9b a7 87 07 06 00 00 00 01 0d 06 00 00 00 01 | ................
  628. 12 09 54 6f 6b 65 6e 20 31 12 09 54 6f 6b 65 6e | ..Token 1..Token
  629. 20 32 18 03 30 | 2..0
  630.  
  631. Parsed packet data.....
  632. Radius: Code = 11 (0x0B)
  633. Radius: Identifier = 51 (0x33)
  634. Radius: Length = 53 (0x0035)
  635. Radius: Vector: BB4DA13501A135A10BEA87C7F89BA787
  636. Radius: Type = 7 (0x07) Framed-Protocol
  637. Radius: Length = 6 (0x06)
  638. Radius: Value (Hex) = 0x1
  639. Radius: Type = 13 (0x0D) Framed-Compression
  640. Radius: Length = 6 (0x06)
  641. Radius: Value (Hex) = 0x1
  642. Radius: Type = 18 (0x12) Reply-Message
  643. Radius: Length = 9 (0x09)
  644. Radius: Value (String) =
  645. 54 6f 6b 65 6e 20 31 | Token 1
  646. Radius: Type = 18 (0x12) Reply-Message
  647. Radius: Length = 9 (0x09)
  648. Radius: Value (String) =
  649. 54 6f 6b 65 6e 20 32 | Token 2
  650. Radius: Type = 24 (0x18) State
  651. Radius: Length = 3 (0x03)
  652. Radius: Value (String) =
  653. 30 | 0
  654. Sep 24 21:48:40 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, Received challenge status!
  655. Sep 24 21:48:40 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing blank hash payload
  656. Sep 24 21:48:40 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, constructing qm hash payload
  657. Sep 24 21:48:40 [IKEv1]IP = 192.168.2.100, IKE_DECODE SENDING Message (msgid=4807f8c0) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 79
  658.  
  659. BEFORE ENCRYPTION
  660. RAW PACKET DUMP on SEND
  661. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  662. 08 10 06 00 c0 f8 07 48 1c 00 00 00 0e 00 00 18 | .......H........
  663. 55 d1 bc 2f 69 05 3b fd 4b 17 4a 4f cb c7 2c e6 | U../i.;.K.JO..,.
  664. 99 70 cf 61 00 00 00 1b 01 00 00 00 c0 88 00 00 | .p.a............
  665. 40 8a 00 00 40 8c 00 07 54 6f 6b 65 6e 20 31 | @[email protected] 1
  666.  
  667. ISAKMP Header
  668. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  669. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  670. Next Payload: Hash
  671. Version: 1.0
  672. Exchange Type: Transaction
  673. Flags: (none)
  674. MessageID: 4807F8C0
  675. Length: 28
  676. Payload Hash
  677. Next Payload: Attributes
  678. Reserved: 00
  679. Payload Length: 24
  680. Data:
  681. 55 d1 bc 2f 69 05 3b fd 4b 17 4a 4f cb c7 2c e6
  682. 99 70 cf 61
  683. Payload Attributes
  684. Next Payload: None
  685. Reserved: 00
  686. Payload Length: 27
  687. type: ISAKMP_CFG_REQUEST
  688. Reserved: 00
  689. Identifier: 0000
  690. XAUTH Type: Generic
  691. XAUTH User Password: (empty)
  692. XAUTH Message: (data not displayed)
  693. Sep 24 21:48:46 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  694.  
  695.  
  696. IKEv1 Recv RAW packet dump
  697. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  698. 08 10 06 01 48 07 f8 c0 00 00 00 4c 34 22 83 58 | ....H......L4".X
  699. 8f 3f c1 4e e8 72 5d 76 81 e4 a0 d5 44 08 42 c3 | .?.N.r]v....D.B.
  700. ba 6a b5 4d fb a3 6d c7 c5 25 73 2e e2 f7 73 30 | .j.M..m..%s...s0
  701. 6e a2 46 2c be 20 fc 44 e3 3f 3e 28 | n.F,. .D.?>(
  702.  
  703. RECV PACKET from 192.168.2.100
  704. ISAKMP Header
  705. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  706. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  707. Next Payload: Hash
  708. Version: 1.0
  709. Exchange Type: Transaction
  710. Flags: (Encryption)
  711. MessageID: 4807F8C0
  712. Length: 76
  713.  
  714. AFTER DECRYPTION
  715. ISAKMP Header
  716. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  717. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  718. Next Payload: Hash
  719. Version: 1.0
  720. Exchange Type: Transaction
  721. Flags: (Encryption)
  722. MessageID: 4807F8C0
  723. Length: 76
  724. Payload Hash
  725. Next Payload: Attributes
  726. Reserved: 00
  727. Payload Length: 24
  728. Data:
  729. 0c 85 42 ef f8 ee 92 32 15 7a 33 bf df fa 8f b0
  730. 64 20 bd 26
  731. Payload Attributes
  732. Next Payload: None
  733. Reserved: 00
  734. Payload Length: 18
  735. type: ISAKMP_CFG_REPLY
  736. Reserved: 00
  737. Identifier: 0000
  738. XAUTH User Password: (data not displayed)
  739. Sep 24 21:48:46 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=4807f8c0) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 70
  740. Sep 24 21:48:46 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, process_attr(): Enter!
  741. Sep 24 21:48:46 [IKEv1 DEBUG]Group = test, IP = 192.168.2.100, Processing MODE_CFG Reply attributes.
  742.  
  743. RADIUS packet decode (authentication request)
  744.  
  745. --------------------------------------
  746. Raw packet data (length = 254).....
  747. 01 35 00 fe 03 70 6a 0f c9 5c e6 c1 83 8d b2 08 | .5...pj..\......
  748. e2 13 8d d0 01 0a 6b 61 72 73 74 65 6e 73 02 12 | ......karstens..
  749. 82 58 36 50 b5 5c 57 58 2f cf 97 a0 69 80 65 8a | .X6P.\WX/...i.e.
  750. 05 06 00 07 f0 00 06 06 00 00 00 02 07 06 00 00 | ................
  751. 00 01 18 03 30 1e 0f 31 39 32 2e 31 36 38 2e 32 | ....0..192.168.2
  752. 2e 31 32 30 1f 0f 31 39 32 2e 31 36 38 2e 32 2e | .120..192.168.2.
  753. 31 30 30 3d 06 00 00 00 05 42 0f 31 39 32 2e 31 | 100=.....B.192.1
  754. 36 38 2e 32 2e 31 30 30 04 06 c0 a8 02 78 1a 31 | 68.2.100.....x.1
  755. 00 00 00 09 01 2b 61 75 64 69 74 2d 73 65 73 73 | .....+audit-sess
  756. 69 6f 6e 2d 69 64 3d 30 61 30 61 30 31 30 31 30 | ion-id=0a0a01010
  757. 30 30 37 66 30 30 30 35 36 30 34 36 66 61 39 1a | 007f00056046fa9.
  758. 22 00 00 00 09 01 1c 69 70 3a 73 6f 75 72 63 65 | "......ip:source
  759. 2d 69 70 3d 31 39 32 2e 31 36 38 2e 32 2e 31 30 | -ip=192.168.2.10
  760. 30 1a 0c 00 00 0c 04 92 06 74 65 73 74 1a 0c 00 | 0........test...
  761. 00 0c 04 96 06 00 00 00 01 1a 15 00 00 00 09 01 | ................
  762. 0f 63 6f 61 2d 70 75 73 68 3d 74 72 75 65 | .coa-push=true
  763.  
  764. Parsed packet data.....
  765. Radius: Code = 1 (0x01)
  766. Radius: Identifier = 53 (0x35)
  767. Radius: Length = 254 (0x00FE)
  768. Radius: Vector: 03706A0FC95CE6C1838DB208E2138DD0
  769. Radius: Type = 1 (0x01) User-Name
  770. Radius: Length = 10 (0x0A)
  771. Radius: Value (String) =
  772. 6b 61 72 73 74 65 6e 73 | karstens
  773. Radius: Type = 2 (0x02) User-Password
  774. Radius: Length = 18 (0x12)
  775. Radius: Value (String) =
  776. 82 58 36 50 b5 5c 57 58 2f cf 97 a0 69 80 65 8a | .X6P.\WX/...i.e.
  777. Radius: Type = 5 (0x05) NAS-Port
  778. Radius: Length = 6 (0x06)
  779. Radius: Value (Hex) = 0x7F000
  780. Radius: Type = 6 (0x06) Service-Type
  781. Radius: Length = 6 (0x06)
  782. Radius: Value (Hex) = 0x2
  783. Radius: Type = 7 (0x07) Framed-Protocol
  784. Radius: Length = 6 (0x06)
  785. Radius: Value (Hex) = 0x1
  786. Radius: Type = 24 (0x18) State
  787. Radius: Length = 3 (0x03)
  788. Radius: Value (String) =
  789. 30 | 0
  790. Radius: Type = 30 (0x1E) Called-Station-Id
  791. Radius: Length = 15 (0x0F)
  792. Radius: Value (String) =
  793. 31 39 32 2e 31 36 38 2e 32 2e 31 32 30 | 192.168.2.120
  794. Radius: Type = 31 (0x1F) Calling-Station-Id
  795. Radius: Length = 15 (0x0F)
  796. Radius: Value (String) =
  797. 31 39 32 2e 31 36 38 2e 32 2e 31 30 30 | 192.168.2.100
  798. Radius: Type = 61 (0x3D) NAS-Port-Type
  799. Radius: Length = 6 (0x06)
  800. Radius: Value (Hex) = 0x5
  801. Radius: Type = 66 (0x42) Tunnel-Client-Endpoint
  802. Radius: Length = 15 (0x0F)
  803. Radius: Value (String) =
  804. 31 39 32 2e 31 36 38 2e 32 2e 31 30 30 | 192.168.2.100
  805. Radius: Type = 4 (0x04) NAS-IP-Address
  806. Radius: Length = 6 (0x06)
  807. Radius: Value (IP Address) = 192.168.2.120 (0xC0A80278)
  808. Radius: Type = 26 (0x1A) Vendor-Specific
  809. Radius: Length = 49 (0x31)
  810. Radius: Vendor ID = 9 (0x00000009)
  811. Radius: Type = 1 (0x01) Cisco-AV-pair
  812. Radius: Length = 43 (0x2B)
  813. Radius: Value (String) =
  814. 61 75 64 69 74 2d 73 65 73 73 69 6f 6e 2d 69 64 | audit-session-id
  815. 3d 30 61 30 61 30 31 30 31 30 30 30 37 66 30 30 | =0a0a01010007f00
  816. 30 35 36 30 34 36 66 61 39 | 056046fa9
  817. Radius: Type = 26 (0x1A) Vendor-Specific
  818. Radius: Length = 34 (0x22)
  819. Radius: Vendor ID = 9 (0x00000009)
  820. Radius: Type = 1 (0x01) Cisco-AV-pair
  821. Radius: Length = 28 (0x1C)
  822. Radius: Value (String) =
  823. 69 70 3a 73 6f 75 72 63 65 2d 69 70 3d 31 39 32 | ip:source-ip=192
  824. 2e 31 36 38 2e 32 2e 31 30 30 | .168.2.100
  825. Radius: Type = 26 (0x1A) Vendor-Specific
  826. Radius: Length = 12 (0x0C)
  827. Radius: Vendor ID = 3076 (0x00000C04)
  828. Radius: Type = 146 (0x92) Tunnel-Group-Name
  829. Radius: Length = 6 (0x06)
  830. Radius: Value (String) =
  831. 74 65 73 74 | test
  832. Radius: Type = 26 (0x1A) Vendor-Specific
  833. Radius: Length = 12 (0x0C)
  834. Radius: Vendor ID = 3076 (0x00000C04)
  835. Radius: Type = 150 (0x96) Client-Type
  836. Radius: Length = 6 (0x06)
  837. Radius: Value (Integer) = 1 (0x0001)
  838. Radius: Type = 26 (0x1A) Vendor-Specific
  839. Radius: Length = 21 (0x15)
  840. Radius: Vendor ID = 9 (0x00000009)
  841. Radius: Type = 1 (0x01) Cisco-AV-pair
  842. Radius: Length = 15 (0x0F)
  843. Radius: Value (String) =
  844. 63 6f 61 2d 70 75 73 68 3d 74 72 75 65 | coa-push=true
  845.  
  846. RADIUS packet decode (response)
  847.  
  848. --------------------------------------
  849. Raw packet data (length = 32).....
  850. 02 35 00 20 9c 50 42 e8 63 90 39 a1 06 51 51 a1 | .5. .PB.c.9..QQ.
  851. df b6 48 92 07 06 00 00 00 01 0d 06 00 00 00 01 | ..H.............
  852.  
  853. Parsed packet data.....
  854. Radius: Code = 2 (0x02)
  855. Radius: Identifier = 53 (0x35)
  856. Radius: Length = 32 (0x0020)
  857. Radius: Vector: 9C5042E8639039A1065151A1DFB64892
  858. Radius: Type = 7 (0x07) Framed-Protocol
  859. Radius: Length = 6 (0x06)
  860. Radius: Value (Hex) = 0x1
  861. Radius: Type = 13 (0x0D) Framed-Compression
  862. Radius: Length = 6 (0x06)
  863. Radius: Value (Hex) = 0x1
  864. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: primary DNS = cleared
  865. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: secondary DNS = cleared
  866. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: primary WINS = cleared
  867. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: secondary WINS = cleared
  868. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: IP Compression = disabled
  869. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: Split Tunneling Policy = Disabled
  870. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: Browser Proxy Setting = no-modify
  871. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKEGetUserAttributes: Browser Proxy Bypass Local = disable
  872. Sep 24 21:48:47 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, User (karstens) authenticated.
  873. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing blank hash payload
  874. Sep 24 21:48:47 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing qm hash payload
  875. Sep 24 21:48:47 [IKEv1]IP = 192.168.2.100, IKE_DECODE SENDING Message (msgid=3d3f34bb) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
  876.  
  877. BEFORE ENCRYPTION
  878. RAW PACKET DUMP on SEND
  879. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  880. 08 10 06 00 bb 34 3f 3d 1c 00 00 00 0e 00 00 18 | .....4?=........
  881. e5 45 de 9f 91 84 36 18 8a 98 50 d1 38 3f 56 81 | .E....6...P.8?V.
  882. e3 5f 5e 92 00 00 00 0c 03 00 00 00 c0 8f 00 01 | ._^.............
  883.  
  884. ISAKMP Header
  885. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  886. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  887. Next Payload: Hash
  888. Version: 1.0
  889. Exchange Type: Transaction
  890. Flags: (none)
  891. MessageID: 3D3F34BB
  892. Length: 28
  893. Payload Hash
  894. Next Payload: Attributes
  895. Reserved: 00
  896. Payload Length: 24
  897. Data:
  898. e5 45 de 9f 91 84 36 18 8a 98 50 d1 38 3f 56 81
  899. e3 5f 5e 92
  900. Payload Attributes
  901. Next Payload: None
  902. Reserved: 00
  903. Payload Length: 12
  904. type: ISAKMP_CFG_SET
  905. Reserved: 00
  906. Identifier: 0000
  907. XAUTH Status: Pass
  908. Sep 24 21:48:48 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  909.  
  910.  
  911. IKEv1 Recv RAW packet dump
  912. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  913. 08 10 06 01 3d 3f 34 bb 00 00 00 4c 00 13 a8 92 | ....=?4....L....
  914. 30 98 e8 98 40 28 49 4a 74 39 46 96 31 f5 eb 0a | 0...@(IJt9F.1...
  915. be 59 67 1e f2 1d 29 0b d4 c2 5e 7e 88 b2 fc 8e | .Yg...)...^~....
  916. 00 4d 73 a0 b5 19 ba bd cd 47 44 21 | .Ms......GD!
  917.  
  918. RECV PACKET from 192.168.2.100
  919. ISAKMP Header
  920. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  921. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  922. Next Payload: Hash
  923. Version: 1.0
  924. Exchange Type: Transaction
  925. Flags: (Encryption)
  926. MessageID: 3D3F34BB
  927. Length: 76
  928.  
  929. AFTER DECRYPTION
  930. ISAKMP Header
  931. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  932. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  933. Next Payload: Hash
  934. Version: 1.0
  935. Exchange Type: Transaction
  936. Flags: (Encryption)
  937. MessageID: 3D3F34BB
  938. Length: 76
  939. Payload Hash
  940. Next Payload: Attributes
  941. Reserved: 00
  942. Payload Length: 24
  943. Data:
  944. 11 87 a5 16 eb ae 38 6f 70 af 06 47 fb eb e1 f5
  945. 78 f7 4f a7
  946. Payload Attributes
  947. Next Payload: None
  948. Reserved: 00
  949. Payload Length: 12
  950. type: ISAKMP_CFG_ACK
  951. Reserved: 00
  952. Identifier: 0000
  953. XAUTH Status: Fail
  954. Sep 24 21:48:48 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=3d3f34bb) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64
  955. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, process_attr(): Enter!
  956. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Processing cfg ACK attributes
  957. Sep 24 21:48:48 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  958.  
  959.  
  960. IKEv1 Recv RAW packet dump
  961. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  962. 08 10 06 01 9e 44 57 83 00 00 00 ac a7 49 33 28 | .....DW......I3(
  963. a4 4b ae b2 39 e2 b0 9e 7b 3f 2d fd ab 96 d2 ec | .K..9...{?-.....
  964. e5 ef 7b 3d 2e 68 b3 6a 26 f3 5e b4 6d e4 28 15 | ..{=.h.j&.^.m.(.
  965. 47 f6 13 c0 27 88 ed de 28 0d 24 49 4d dd 61 3d | G...'...(.$IM.a=
  966. d6 8b c0 cf da 9e e8 a9 06 71 13 0c 76 4a 0b 2f | .........q..vJ./
  967. 9f ef 55 0b 1f 1b 68 76 20 74 06 c2 c7 6f ee eb | ..U...hv t...o..
  968. 50 42 ac 84 8c 0b 34 a9 0c e3 96 f3 2b d5 0c c9 | PB....4.....+...
  969. 5f f5 b6 d0 78 e7 39 01 f4 0b 04 b8 d5 9e 26 c5 | _...x.9.......&.
  970. 48 91 cf 16 2e 2f 14 f4 f2 ea 8f a0 8b 70 75 f9 | H..../.......pu.
  971. cc 75 3c 30 3f d3 f1 ee c6 ba 66 61 | .u<0?.....fa
  972.  
  973. RECV PACKET from 192.168.2.100
  974. ISAKMP Header
  975. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  976. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  977. Next Payload: Hash
  978. Version: 1.0
  979. Exchange Type: Transaction
  980. Flags: (Encryption)
  981. MessageID: 9E445783
  982. Length: 172
  983.  
  984. AFTER DECRYPTION
  985. ISAKMP Header
  986. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  987. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  988. Next Payload: Hash
  989. Version: 1.0
  990. Exchange Type: Transaction
  991. Flags: (Encryption)
  992. MessageID: 9E445783
  993. Length: 172
  994. Payload Hash
  995. Next Payload: Attributes
  996. Reserved: 00
  997. Payload Length: 24
  998. Data:
  999. d6 bc 27 80 97 27 3d 1f 5f f1 45 45 2d fa d2 de
  1000. 93 2c 30 a1
  1001. Payload Attributes
  1002. Next Payload: None
  1003. Reserved: 00
  1004. Payload Length: 113
  1005. type: ISAKMP_CFG_REQUEST
  1006. Reserved: 00
  1007. Identifier: 11FB
  1008. IPv4 Address: (empty)
  1009. IPv4 Netmask: (empty)
  1010. IPv4 DNS: (empty)
  1011. IPv4 NBNS (WINS): (empty)
  1012. Address Expiry: (empty)
  1013. Application Version:
  1014. 43 69 73 63 6f 20 53 79 73 74 65 6d 73 20 56 50
  1015. 4e 20 43 6c 69 65 6e 74 20 31 30 2e 31 30 2e 35
  1016. 3a 4d 61 63 20 4f 53 20 58
  1017. Cisco extension: Banner: (empty)
  1018. Cisco extension: Default Domain Name: (empty)
  1019. Cisco extension: Split DNS Name: (empty)
  1020. Cisco extension: Split Include: (empty)
  1021. Cisco extension: Include Local LAN: (empty)
  1022. Cisco extension: Do PFS: (empty)
  1023. Cisco extension: Save PWD: (empty)
  1024. Cisco extension: Firewall Type: (empty)
  1025. Cisco extension: Backup Servers: (empty)
  1026. Cisco extension: Browser Proxy: (empty)
  1027. Sep 24 21:48:48 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=9e445783) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 165
  1028. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, process_attr(): Enter!
  1029. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Processing cfg Request attributes
  1030. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for IPV4 address!
  1031. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for IPV4 net mask!
  1032. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for DNS server address!
  1033. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for WINS server address!
  1034. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Received unsupported transaction mode attribute: 5
  1035. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Application Version!
  1036. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Client Type: Mac OS X Client Application Version: 10.10.5
  1037. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Banner!
  1038. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Default Domain Name!
  1039. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Split DNS!
  1040. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Split Tunnel List!
  1041. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Local LAN Include!
  1042. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for PFS setting!
  1043. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Save PW setting!
  1044. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for FWTYPE!
  1045. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for backup ip-sec peer list!
  1046. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, MODE_CFG: Received request for Client Browser Proxy Setting!
  1047. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Obtained IP addr (10.10.1.10) prior to initiating Mode Cfg (XAuth enabled)
  1048. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Sending subnet mask (255.255.255.0) to remote client
  1049. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Assigned private IP address 10.10.1.10 to remote user
  1050. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing blank hash payload
  1051. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Send Client Browser Proxy Attributes!
  1052. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg reply
  1053. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing qm hash payload
  1054. Sep 24 21:48:48 [IKEv1]IP = 192.168.2.100, IKE_DECODE SENDING Message (msgid=9e445783) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 170
  1055.  
  1056. BEFORE ENCRYPTION
  1057. RAW PACKET DUMP on SEND
  1058. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1059. 08 10 06 00 83 57 44 9e 1c 00 00 00 0e 00 00 18 | .....WD.........
  1060. 8a 37 6b fb 30 14 68 a2 7f 59 dd b1 0b 50 38 65 | .7k.0.h.Y...P8e
  1061. 86 0a 0e c9 00 00 00 76 02 00 00 00 00 01 00 04 | .......v........
  1062. 0a 0a 01 0a 00 02 00 04 ff ff ff 00 f0 01 00 00 | ................
  1063. f0 07 00 00 00 07 00 52 43 69 73 63 6f 20 53 79 | .......RCisco Sy
  1064. 73 74 65 6d 73 2c 20 49 6e 63 20 41 53 41 35 35 | stems, Inc ASA55
  1065. 30 35 20 56 65 72 73 69 6f 6e 20 39 2e 32 28 34 | 05 Version 9.2(4
  1066. 29 20 62 75 69 6c 74 20 62 79 20 62 75 69 6c 64 | ) built by build
  1067. 65 72 73 20 6f 6e 20 54 75 65 20 31 34 2d 4a 75 | ers on Tue 14-Ju
  1068. 6c 2d 31 35 20 32 32 3a 31 39 | l-15 22:19
  1069.  
  1070. ISAKMP Header
  1071. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1072. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1073. Next Payload: Hash
  1074. Version: 1.0
  1075. Exchange Type: Transaction
  1076. Flags: (none)
  1077. MessageID: 9E445783
  1078. Length: 28
  1079. Payload Hash
  1080. Next Payload: Attributes
  1081. Reserved: 00
  1082. Payload Length: 24
  1083. Data:
  1084. 8a 37 6b fb 30 14 68 a2 7f 59 dd b1 0b 50 38 65
  1085. 86 0a 0e c9
  1086. Payload Attributes
  1087. Next Payload: None
  1088. Reserved: 00
  1089. Payload Length: 118
  1090. type: ISAKMP_CFG_REPLY
  1091. Reserved: 00
  1092. Identifier: 0000
  1093. IPv4 Address: 10.10.1.10
  1094. IPv4 Netmask: 255.255.255.0
  1095. Cisco extension: Save PWD: No
  1096. Cisco extension: Do PFS: No
  1097. Application Version:
  1098. 43 69 73 63 6f 20 53 79 73 74 65 6d 73 2c 20 49
  1099. 6e 63 20 41 53 41 35 35 30 35 20 56 65 72 73 69
  1100. 6f 6e 20 39 2e 32 28 34 29 20 62 75 69 6c 74 20
  1101. 62 79 20 62 75 69 6c 64 65 72 73 20 6f 6e 20 54
  1102. 75 65 20 31 34 2d 4a 75 6c 2d 31 35 20 32 32 3a
  1103. 31 39
  1104. Sep 24 21:48:48 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  1105.  
  1106.  
  1107. IKEv1 Recv RAW packet dump
  1108. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1109. 08 10 20 01 c5 cb 0b 9a 00 00 01 2c 63 cf 01 52 | .. ........,c..R
  1110. 4e 3f c8 03 ce 78 6e 4f d1 7f 5f 50 e0 0b 82 28 | N?...xnO._P...(
  1111. 86 7c a6 de a4 e9 2a 68 36 45 43 d4 5d 34 27 d5 | .|....*h6EC.]4'.
  1112. ee 0e 83 bb 7d fd fc 62 b6 bb ad 4c 60 48 1a ca | ....}..b...L`H..
  1113. eb 4d 40 1f f7 17 d9 31 1d d0 b1 e2 db f0 94 7d | [email protected].......}
  1114. 9b b3 23 23 8d 7e 74 46 38 0e 87 e8 70 17 bf e0 | ..##.~tF8...p...
  1115. f5 e2 04 a9 85 e2 a7 ca 05 8d a9 5a f9 e9 79 82 | ...........Z..y.
  1116. 88 1c e8 90 c9 d4 50 c3 bb 31 ad a4 ca 4b 9e b9 | ......P..1...K..
  1117. 40 a8 7d a3 d6 b3 1e b7 b3 05 78 2f 4d d9 7a a1 | @.}.......x/M.z.
  1118. 0a 04 31 20 34 6a 32 ad ac 27 0c 3b bd 2b 24 30 | ..1 4j2..'.;.+$0
  1119. f0 b4 ba a8 0f 7e 3a 5f 40 b2 06 31 2e ad 31 a1 | .....~:[email protected].
  1120. 20 eb 7f 26 7f d0 f7 73 e1 69 88 a2 98 57 79 83 | .&..s.i...Wy.
  1121. 2d 82 f7 09 c4 90 11 7e bc e7 5a dd 4e 62 11 eb | -......~..Z.Nb..
  1122. de ca a0 b3 47 f5 ac a8 da 03 e2 09 4b 42 13 19 | ....G.......KB..
  1123. 1b 4e c4 ab e8 1b 9a 9e 73 3c 6c b4 88 e6 f6 30 | .N......s<l....0
  1124. 8a bd c5 85 d6 fb c4 2c a6 46 f8 b3 26 41 57 6e | .......,.F..&AWn
  1125. f5 7c 82 ae cc dd c9 66 4d 54 50 aa 7c 6a d3 51 | .|.....fMTP.|j.Q
  1126. 5f e7 81 43 f6 4f f6 a8 06 ff b1 b6 | _..C.O......
  1127.  
  1128. RECV PACKET from 192.168.2.100
  1129. ISAKMP Header
  1130. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1131. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1132. Next Payload: Hash
  1133. Version: 1.0
  1134. Exchange Type: Quick Mode
  1135. Flags: (Encryption)
  1136. MessageID: C5CB0B9A
  1137. Length: 300
  1138. Sep 24 21:48:48 [IKEv1 DECODE]IP = 192.168.2.100, IKE Responder starting QM: msg id = c5cb0b9a
  1139. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progress
  1140. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Gratuitous ARP sent for 10.10.1.10
  1141. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completed
  1142. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, PHASE 1 COMPLETED
  1143. Sep 24 21:48:48 [IKEv1]IP = 192.168.2.100, Keep-alive type for this connection: DPD
  1144. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Starting P1 rekey timer: 3420 seconds.
  1145.  
  1146. AFTER DECRYPTION
  1147. ISAKMP Header
  1148. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1149. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1150. Next Payload: Hash
  1151. Version: 1.0
  1152. Exchange Type: Quick Mode
  1153. Flags: (Encryption)
  1154. MessageID: C5CB0B9A
  1155. Length: 300
  1156. Payload Hash
  1157. Next Payload: Security Association
  1158. Reserved: 00
  1159. Payload Length: 24
  1160. Data:
  1161. 50 19 bb 66 65 3c 4c 32 92 30 93 59 62 ae 74 05
  1162. 6d 5e 77 28
  1163. Payload Security Association
  1164. Next Payload: Nonce
  1165. Reserved: 00
  1166. Payload Length: 184
  1167. DOI: IPsec
  1168. Situation:(SIT_IDENTITY_ONLY)
  1169. Payload Proposal
  1170. Next Payload: None
  1171. Reserved: 00
  1172. Payload Length: 172
  1173. Proposal #: 1
  1174. Protocol-Id: PROTO_IPSEC_ESP
  1175. SPI Size: 4
  1176. # of transforms: 6
  1177. SPI: 01 cc bd 97
  1178. Payload Transform
  1179. Next Payload: Transform
  1180. Reserved: 00
  1181. Payload Length: 28
  1182. Transform #: 1
  1183. Transform-Id: ESP_AES
  1184. Reserved2: 0000
  1185. Life Type: Seconds
  1186. Life Duration (Hex): 0e 10
  1187. Encapsulation Mode: Tunnel
  1188. Key Length: 256
  1189. Authentication Algorithm: SHA1
  1190. Payload Transform
  1191. Next Payload: Transform
  1192. Reserved: 00
  1193. Payload Length: 28
  1194. Transform #: 2
  1195. Transform-Id: ESP_AES
  1196. Reserved2: 0000
  1197. Life Type: Seconds
  1198. Life Duration (Hex): 0e 10
  1199. Encapsulation Mode: Tunnel
  1200. Key Length: 256
  1201. Authentication Algorithm: MD5
  1202. Payload Transform
  1203. Next Payload: Transform
  1204. Reserved: 00
  1205. Payload Length: 28
  1206. Transform #: 3
  1207. Transform-Id: ESP_AES
  1208. Reserved2: 0000
  1209. Life Type: Seconds
  1210. Life Duration (Hex): 0e 10
  1211. Encapsulation Mode: Tunnel
  1212. Key Length: 128
  1213. Authentication Algorithm: SHA1
  1214. Payload Transform
  1215. Next Payload: Transform
  1216. Reserved: 00
  1217. Payload Length: 28
  1218. Transform #: 4
  1219. Transform-Id: ESP_AES
  1220. Reserved2: 0000
  1221. Life Type: Seconds
  1222. Life Duration (Hex): 0e 10
  1223. Encapsulation Mode: Tunnel
  1224. Key Length: 128
  1225. Authentication Algorithm: MD5
  1226. Payload Transform
  1227. Next Payload: Transform
  1228. Reserved: 00
  1229. Payload Length: 24
  1230. Transform #: 5
  1231. Transform-Id: ESP_3DES
  1232. Reserved2: 0000
  1233. Life Type: Seconds
  1234. Life Duration (Hex): 0e 10
  1235. Encapsulation Mode: Tunnel
  1236. Authentication Algorithm: SHA1
  1237. Payload Transform
  1238. Next Payload: None
  1239. Reserved: 00
  1240. Payload Length: 24
  1241. Transform #: 6
  1242. Transform-Id: ESP_3DES
  1243. Reserved2: 0000
  1244. Life Type: Seconds
  1245. Life Duration (Hex): 0e 10
  1246. Encapsulation Mode: Tunnel
  1247. Authentication Algorithm: MD5
  1248. Payload Nonce
  1249. Next Payload: Identification
  1250. Reserved: 00
  1251. Payload Length: 20
  1252. Data:
  1253. f2 ce 03 08 c9 96 85 20 5e fe 14 51 c1 95 69 e9
  1254. Payload Identification
  1255. Next Payload: Identification
  1256. Reserved: 00
  1257. Payload Length: 12
  1258. ID Type: IPv4 Address (1)
  1259. Protocol ID (UDP/TCP, etc...): 0
  1260. Port: 0
  1261. ID Data: 10.10.1.10
  1262. Payload Identification
  1263. Next Payload: None
  1264. Reserved: 00
  1265. Payload Length: 16
  1266. ID Type: IPv4 Subnet (4)
  1267. Protocol ID (UDP/TCP, etc...): 0
  1268. Port: 0
  1269. ID Data: 0.0.0.0/0.0.0.0
  1270. Sep 24 21:48:48 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=c5cb0b9a) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 284
  1271. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing hash payload
  1272. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing SA payload
  1273. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing nonce payload
  1274. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing ID payload
  1275. Sep 24 21:48:48 [IKEv1 DECODE]Group = test, Username = karstens, IP = 192.168.2.100, ID_IPV4_ADDR ID received
  1276. 10.10.1.10
  1277. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Received remote Proxy Host data in ID Payload: Address 10.10.1.10, Protocol 0, Port 0
  1278. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing ID payload
  1279. Sep 24 21:48:48 [IKEv1 DECODE]Group = test, Username = karstens, IP = 192.168.2.100, ID_IPV4_ADDR_SUBNET ID received--0.0.0.0--0.0.0.0
  1280. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Received local IP Proxy Subnet data in ID Payload: Address 0.0.0.0, Mask 0.0.0.0, Protocol 0, Port 0
  1281. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, QM IsRekeyed old sa not found by addr
  1282. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Static Crypto Map check, map SYSTEM_DEFAULT_CRYPTO_MAP, seq = 65535 is a successful match
  1283. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, IKE Remote Peer configured for crypto map: SYSTEM_DEFAULT_CRYPTO_MAP
  1284. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing IPSec SA payload
  1285. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IPSec SA Proposal # 1, Transform # 3 acceptable Matches global IPSec SA entry # 65535
  1286. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, IKE: requesting SPI!
  1287. IPSEC: Received a PFKey message from IKE
  1288. IPSEC: Parsing PFKey GETSPI message
  1289. IPSEC: Creating IPsec SA
  1290. IPSEC: Getting the inbound SPI
  1291. IPSEC: New embryonic SA created @ 0xccf245e8,
  1292. SCB: 0xCDDA8E80,
  1293. Direction: inbound
  1294. SPI : 0x7A59C06E
  1295. Session ID: 0x0007F000
  1296. VPIF num : 0x00000003
  1297. Tunnel type: ra
  1298. Protocol : esp
  1299. Lifetime : 240 seconds
  1300. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKE got SPI from key engine: SPI = 0x7a59c06e
  1301. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, oakley constucting quick mode
  1302. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing blank hash payload
  1303. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing IPSec SA payload
  1304. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Overriding Initiator's IPSec rekeying duration from 0 to 4608000 Kbs
  1305. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing IPSec nonce payload
  1306. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing proxy ID
  1307. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Transmitting Proxy Id:
  1308. Remote host: 10.10.1.10 Protocol 0 Port 0
  1309. Local subnet: 0.0.0.0 mask 0.0.0.0 Protocol 0 Port 0
  1310. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Sending RESPONDER LIFETIME notification to Initiator
  1311. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing qm hash payload
  1312. Sep 24 21:48:48 [IKEv1 DECODE]Group = test, Username = karstens, IP = 192.168.2.100, IKE Responder sending 2nd QM pkt: msg id = c5cb0b9a
  1313. Sep 24 21:48:48 [IKEv1]IP = 192.168.2.100, IKE_DECODE SENDING Message (msgid=c5cb0b9a) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NOTIFY (11) + NONE (0) total length : 184
  1314.  
  1315. BEFORE ENCRYPTION
  1316. RAW PACKET DUMP on SEND
  1317. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1318. 08 10 20 00 9a 0b cb c5 1c 00 00 00 01 00 00 18 | .. .............
  1319. 4d c1 0f af ef 20 d9 d8 01 3f bf 29 95 1f d4 7f | M.... ...?.)...
  1320. 3d d3 c2 ce 0a 00 00 34 00 00 00 01 00 00 00 01 | =......4........
  1321. 00 00 00 28 01 03 04 01 7a 59 c0 6e 00 00 00 1c | ...(....zY.n....
  1322. 01 0c 00 00 80 01 00 01 80 02 0e 10 80 04 00 01 | ................
  1323. 80 05 00 02 80 06 00 80 05 00 00 18 da 02 b3 e7 | ................
  1324. 72 8b 5c 14 5a d9 c5 9c 46 13 e9 2a 7e ec 41 97 | r.\.Z...F..*~.A.
  1325. 05 00 00 0c 01 00 00 00 0a 0a 01 0a 0b 00 00 10 | ................
  1326. 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c | ................
  1327. 00 00 00 01 03 04 60 00 7a 59 c0 6e 80 01 00 02 | ......`.zY.n....
  1328. 00 02 00 04 00 46 50 00 | .....FP.
  1329.  
  1330. ISAKMP Header
  1331. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1332. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1333. Next Payload: Hash
  1334. Version: 1.0
  1335. Exchange Type: Quick Mode
  1336. Flags: (none)
  1337. MessageID: C5CB0B9A
  1338. Length: 28
  1339. Payload Hash
  1340. Next Payload: Security Association
  1341. Reserved: 00
  1342. Payload Length: 24
  1343. Data:
  1344. 4d c1 0f af ef 20 d9 d8 01 3f bf 29 95 1f d4 7f
  1345. 3d d3 c2 ce
  1346. Payload Security Association
  1347. Next Payload: Nonce
  1348. Reserved: 00
  1349. Payload Length: 52
  1350. DOI: IPsec
  1351. Situation:(SIT_IDENTITY_ONLY)
  1352. Payload Proposal
  1353. Next Payload: None
  1354. Reserved: 00
  1355. Payload Length: 40
  1356. Proposal #: 1
  1357. Protocol-Id: PROTO_IPSEC_ESP
  1358. SPI Size: 4
  1359. # of transforms: 1
  1360. SPI: 7a 59 c0 6e
  1361. Payload Transform
  1362. Next Payload: None
  1363. Reserved: 00
  1364. Payload Length: 28
  1365. Transform #: 1
  1366. Transform-Id: ESP_AES
  1367. Reserved2: 0000
  1368. Life Type: Seconds
  1369. Life Duration (Hex): 0e 10
  1370. Encapsulation Mode: Tunnel
  1371. Authentication Algorithm: SHA1
  1372. Key Length: 128
  1373. Payload Nonce
  1374. Next Payload: Identification
  1375. Reserved: 00
  1376. Payload Length: 24
  1377. Data:
  1378. da 02 b3 e7 72 8b 5c 14 5a d9 c5 9c 46 13 e9 2a
  1379. 7e ec 41 97
  1380. Payload Identification
  1381. Next Payload: Identification
  1382. Reserved: 00
  1383. Payload Length: 12
  1384. ID Type: IPv4 Address (1)
  1385. Protocol ID (UDP/TCP, etc...): 0
  1386. Port: 0
  1387. ID Data: 10.10.1.10
  1388. Payload Identification
  1389. Next Payload: Notification
  1390. Reserved: 00
  1391. Payload Length: 16
  1392. ID Type: IPv4 Subnet (4)
  1393. Protocol ID (UDP/TCP, etc...): 0
  1394. Port: 0
  1395. ID Data: 0.0.0.0/0.0.0.0
  1396. Payload Notification
  1397. Next Payload: None
  1398. Reserved: 00
  1399. Payload Length: 28
  1400. DOI: IPsec
  1401. Protocol-ID: PROTO_IPSEC_ESP
  1402. Spi Size: 4
  1403. Notify Type: STATUS_RESP_LIFETIME
  1404. SPI: 7a 59 c0 6e
  1405. Data: 80 01 00 02 00 02 00 04 00 46 50 00
  1406. Sep 24 21:48:48 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  1407.  
  1408.  
  1409. IKEv1 Recv RAW packet dump
  1410. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1411. 08 10 20 01 c5 cb 0b 9a 00 00 00 3c 78 81 b5 a0 | .. ........<x...
  1412. 2d 19 33 d6 a8 97 30 95 fe e1 39 af 61 ba a3 c1 | -.3...0...9.a...
  1413. 95 85 02 43 57 7d 18 d2 b1 2a 23 b8 | ...CW}...*#.
  1414.  
  1415. RECV PACKET from 192.168.2.100
  1416. ISAKMP Header
  1417. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1418. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1419. Next Payload: Hash
  1420. Version: 1.0
  1421. Exchange Type: Quick Mode
  1422. Flags: (Encryption)
  1423. MessageID: C5CB0B9A
  1424. Length: 60
  1425.  
  1426. AFTER DECRYPTION
  1427. ISAKMP Header
  1428. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1429. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1430. Next Payload: Hash
  1431. Version: 1.0
  1432. Exchange Type: Quick Mode
  1433. Flags: (Encryption)
  1434. MessageID: C5CB0B9A
  1435. Length: 60
  1436. Payload Hash
  1437. Next Payload: None
  1438. Reserved: 00
  1439. Payload Length: 24
  1440. Data:
  1441. 55 e0 a4 ae 2d 6e d7 a8 35 a0 42 fe e8 fe ba ec
  1442. b0 d4 0a a6
  1443. Sep 24 21:48:48 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=c5cb0b9a) with payloads : HDR + HASH (8) + NONE (0) total length : 52
  1444. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing hash payload
  1445. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, loading all IPSEC SAs
  1446. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Generating Quick Mode Key!
  1447. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, NP encrypt rule look up for crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 matching ACL Unknown: returned cs_id=ccd2a7c8; encrypt_rule=00000000; tunnelFlow_rule=00000000
  1448. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Generating Quick Mode Key!
  1449. IPSEC: Received a PFKey message from IKE
  1450. IPSEC: Parsing PFKey ADD message
  1451. IPSEC: Creating IPsec SA
  1452. IPSEC: Adding the outbound SA, SPI: 0x01CCBD97
  1453. IPSEC: New embryonic SA created @ 0xccee4d80,
  1454. SCB: 0xCDDA8FC0,
  1455. Direction: outbound
  1456. SPI : 0x01CCBD97
  1457. Session ID: 0x0007F000
  1458. VPIF num : 0x00000003
  1459. Tunnel type: ra
  1460. Protocol : esp
  1461. Lifetime : 240 seconds
  1462. IPSEC: Completed host OBSA update, SPI 0x01CCBD97
  1463. IPSEC: Creating outbound VPN context, SPI 0x01CCBD97
  1464. Flags: 0x00000005
  1465. SA : 0xccee4d80
  1466. SPI : 0x01CCBD97
  1467. MTU : 1500 bytes
  1468. VCID : 0x00000000
  1469. Peer : 0x00000000
  1470. SCB : 0xBAF026E3
  1471. Channel: 0xc8422d20
  1472. IPSEC: Increment SA NP ref counter for outbound SPI 0x01CCBD97, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7112)
  1473. IPSEC: Completed outbound VPN context, SPI 0x01CCBD97
  1474. VPN handle: 0x0019cb6c
  1475. IPSEC: New outbound encrypt rule, SPI 0x01CCBD97
  1476. Src addr: 0.0.0.0
  1477. Src mask: 0.0.0.0
  1478. Dst addr: 10.10.1.10
  1479. Dst mask: 255.255.255.255
  1480. Src ports
  1481. Upper: 0
  1482. Lower: 0
  1483. Op : ignore
  1484. Dst ports
  1485. Upper: 0
  1486. Lower: 0
  1487. Op : ignore
  1488. Protocol: 0
  1489. Use protocol: false
  1490. SPI: 0x00000000
  1491. Use SPI: false
  1492. IPSEC: Increment SA NP ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6095)
  1493. IPSEC: Completed outbound encrypt rule, SPI 0x01CCBD97
  1494. Rule ID: 0xccd97368
  1495. IPSEC: Decrement SA NP ref counter for outbound SPI 0x01CCBD97, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5189)
  1496. IPSEC: New outbound permit rule, SPI 0x01CCBD97
  1497. Src addr: 192.168.2.120
  1498. Src mask: 255.255.255.255
  1499. Dst addr: 192.168.2.100
  1500. Dst mask: 255.255.255.255
  1501. Src ports
  1502. Upper: 0
  1503. Lower: 0
  1504. Op : ignore
  1505. Dst ports
  1506. Upper: 0
  1507. Lower: 0
  1508. Op : ignore
  1509. Protocol: 50
  1510. Use protocol: true
  1511. SPI: 0x01CCBD97
  1512. Use SPI: true
  1513. IPSEC: Increment SA NP ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:6237)
  1514. IPSEC: Completed outbound permit rule, SPI 0x01CCBD97
  1515. Rule ID: 0xcbf2d440
  1516. IPSEC: Decrement SA NP ref counter for outbound SPI 0x01CCBD97, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5189)
  1517. IPSEC: Decrement SA NP ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 0, (ctm_np_vpn_context_cb:10892)
  1518. IPSEC: Increment SA HW ref counter for outbound SPI 0x01CCBD97, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_obsa:1174)
  1519. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, NP encrypt rule look up for crypto map SYSTEM_DEFAULT_CRYPTO_MAP 65535 matching ACL Unknown: returned cs_id=ccd2a7c8; encrypt_rule=00000000; tunnelFlow_rule=00000000
  1520. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Security negotiation complete for User (karstens) Responder, Inbound SPI = 0x7a59c06e, Outbound SPI = 0x01ccbd97
  1521. IPSEC: Decrement SA HW ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 0, (ctm_nlite_outbound_callback:4175)
  1522. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKE got a KEY_ADD msg for SA: SPI = 0x01ccbd97
  1523. IPSEC: Received a PFKey message from IKE
  1524. IPSEC: Parsing PFKey UPDATE message
  1525. IPSEC: Creating IPsec SA
  1526. IPSEC: Updating the inbound SA, SPI: 0x7A59C06E
  1527. IPSEC: New embryonic SA created @ 0xccf245e8,
  1528. SCB: 0xCDDA8E80,
  1529. Direction: inbound
  1530. SPI : 0x7A59C06E
  1531. Session ID: 0x0007F000
  1532. VPIF num : 0x00000003
  1533. Tunnel type: ra
  1534. Protocol : esp
  1535. Lifetime : 240 seconds
  1536. IPSEC: Completed host IBSA update, SPI 0x7A59C06E
  1537. IPSEC: Creating inbound VPN context, SPI 0x7A59C06E
  1538. Flags: 0x00000006
  1539. SA : 0xccf245e8
  1540. SPI : 0x7A59C06E
  1541. MTU : 0 bytes
  1542. VCID : 0x00000000
  1543. Peer : 0x0019CB6C
  1544. SCB : 0xBAEEEF55
  1545. Channel: 0xc8422d20
  1546. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7026)
  1547. IPSEC: Completed inbound VPN context, SPI 0x7A59C06E
  1548. VPN handle: 0x001a0c2c
  1549. IPSEC: Updating outbound VPN context 0x0019CB6C, SPI 0x01CCBD97
  1550. Flags: 0x00000005
  1551. SA : 0xccee4d80
  1552. SPI : 0x01CCBD97
  1553. MTU : 1500 bytes
  1554. VCID : 0x00000000
  1555. Peer : 0x001A0C2C
  1556. SCB : 0xBAF026E3
  1557. Channel: 0xc8422d20
  1558. IPSEC: Increment SA NP ref counter for outbound SPI 0x01CCBD97, old value: 0, new value: 1, (ctm_ipsec_create_vpn_context:7099)
  1559. IPSEC: Completed outbound VPN context, SPI 0x01CCBD97
  1560. VPN handle: 0x0019cb6c
  1561. IPSEC: Completed outbound inner rule, SPI 0x01CCBD97
  1562. Rule ID: 0xccd97368
  1563. IPSEC: Completed outbound outer SPD rule, SPI 0x01CCBD97
  1564. Rule ID: 0xcbf2d440
  1565. IPSEC: Decrement SA NP ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 0, (ctm_np_vpn_context_cb:10892)
  1566. IPSEC: New inbound tunnel flow rule, SPI 0x7A59C06E
  1567. Src addr: 10.10.1.10
  1568. Src mask: 255.255.255.255
  1569. Dst addr: 0.0.0.0
  1570. Dst mask: 0.0.0.0
  1571. Src ports
  1572. Upper: 0
  1573. Lower: 0
  1574. Op : ignore
  1575. Dst ports
  1576. Upper: 0
  1577. Lower: 0
  1578. Op : ignore
  1579. Protocol: 0
  1580. Use protocol: false
  1581. SPI: 0x00000000
  1582. Use SPI: false
  1583. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:5773)
  1584. IPSEC: Completed inbound tunnel flow rule, SPI 0x7A59C06E
  1585. Rule ID: 0xcdda9e10
  1586. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5189)
  1587. IPSEC: New inbound decrypt rule, SPI 0x7A59C06E
  1588. Src addr: 192.168.2.100
  1589. Src mask: 255.255.255.255
  1590. Dst addr: 192.168.2.120
  1591. Dst mask: 255.255.255.255
  1592. Src ports
  1593. Upper: 0
  1594. Lower: 0
  1595. Op : ignore
  1596. Dst ports
  1597. Upper: 0
  1598. Lower: 0
  1599. Op : ignore
  1600. Protocol: 50
  1601. Use protocol: true
  1602. SPI: 0x7A59C06E
  1603. Use SPI: true
  1604. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:5896)
  1605. IPSEC: Completed inbound decrypt rule, SPI 0x7A59C06E
  1606. Rule ID: 0xcdda9eb8
  1607. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5189)
  1608. IPSEC: New inbound permit rule, SPI 0x7A59C06E
  1609. Src addr: 192.168.2.100
  1610. Src mask: 255.255.255.255
  1611. Dst addr: 192.168.2.120
  1612. Dst mask: 255.255.255.255
  1613. Src ports
  1614. Upper: 0
  1615. Lower: 0
  1616. Op : ignore
  1617. Dst ports
  1618. Upper: 0
  1619. Lower: 0
  1620. Op : ignore
  1621. Protocol: 50
  1622. Use protocol: true
  1623. SPI: 0x7A59C06E
  1624. Use SPI: true
  1625. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 2, (ctm_ipsec_create_acl_entry:5896)
  1626. IPSEC: Completed inbound permit rule, SPI 0x7A59C06E
  1627. Rule ID: 0xcdda9f60
  1628. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 2, new value: 1, (ctm_ipsec_create_acl_cb:5189)
  1629. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 0, (ctm_np_vpn_context_cb:10892)
  1630. IPSEC: Increment SA HW ref counter for inbound SPI 0x7A59C06E, old value: 0, new value: 1, (ctm_nlite_ipsec_create_hw_ibsa:747)
  1631. IPSEC: Decrement SA HW ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 0, (ctm_nlite_inbound_callback:3022)
  1632. IPSEC: Added SA to last received DB, SPI: 0x7A59C06E, user: karstens, peer: 192.168.2.100, SessionID: 0x0007F000
  1633. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Pitcher: received KEY_UPDATE, spi 0x7a59c06e
  1634. Sep 24 21:48:48 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Starting P2 rekey timer: 3420 seconds.
  1635. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Adding static route for client address: 10.10.1.10
  1636. Sep 24 21:48:48 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, PHASE 2 COMPLETED (msgid=c5cb0b9a)
  1637. Sep 24 21:48:50 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  1638.  
  1639.  
  1640. IKEv1 Recv RAW packet dump
  1641. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1642. 08 10 05 01 ca 03 5f 6a 00 00 00 4c 86 e1 ce d3 | ......_j...L....
  1643. 38 f4 81 c3 c3 3c a9 92 49 75 c2 09 1b 1b a1 98 | 8....<..Iu......
  1644. 68 37 8d 5e cd 2b 3f e3 9f 8d c1 7a a6 bc b3 c3 | h7.^.+?....z....
  1645. 40 79 09 91 7d d3 f7 1f 5e 4c ad 9c | @y..}...^L..
  1646.  
  1647. RECV PACKET from 192.168.2.100
  1648. ISAKMP Header
  1649. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1650. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1651. Next Payload: Hash
  1652. Version: 1.0
  1653. Exchange Type: Informational
  1654. Flags: (Encryption)
  1655. MessageID: CA035F6A
  1656. Length: 76
  1657.  
  1658. AFTER DECRYPTION
  1659. ISAKMP Header
  1660. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1661. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1662. Next Payload: Hash
  1663. Version: 1.0
  1664. Exchange Type: Informational
  1665. Flags: (Encryption)
  1666. MessageID: CA035F6A
  1667. Length: 76
  1668. Payload Hash
  1669. Next Payload: Delete
  1670. Reserved: 00
  1671. Payload Length: 24
  1672. Data:
  1673. 1d 51 3b f8 81 b1 d2 7d f6 56 3d b4 75 87 49 f0
  1674. d3 6d ed 86
  1675. Payload Delete
  1676. Next Payload: None
  1677. Reserved: 00
  1678. Payload Length: 16
  1679. DOI: IPsec
  1680. Protocol-ID: PROTO_IPSEC_ESP
  1681. Spi Size: 4
  1682. # of SPIs: 1
  1683. SPI (Hex dump): 01 cc bd 97
  1684. Sep 24 21:48:50 [IKEv1]IP = 192.168.2.100, IKE_DECODE RECEIVED Message (msgid=ca035f6a) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
  1685. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing hash payload
  1686. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, processing delete
  1687. Sep 24 21:48:50 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Connection terminated for peer karstens. Reason: Peer Terminate Remote Proxy 10.10.1.10, Local Proxy 0.0.0.0
  1688. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, Active unit receives a delete event for remote peer 192.168.2.100.
  1689.  
  1690. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKE Deleting SA: Remote Proxy 10.10.1.10, Local Proxy 0.0.0.0
  1691. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKE SA AM:14d2d3d7 rcv'd Terminate: state AM_ACTIVE flags 0x0861d041, refcnt 1, tuncnt 0
  1692. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, IKE SA AM:14d2d3d7 terminating: flags 0x0961d001, refcnt 0, tuncnt 0
  1693. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, sending delete/delete with reason message
  1694. IPSEC: Received a PFKey message from IKE
  1695. IPSEC: Destroy current outbound SPI: 0x01CCBD97
  1696. IPSEC: Increment SA NP ref counter for outbound SPI 0x01CCBD97, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:6666)
  1697. IPSEC: Deleted outbound encrypt rule, SPI 0x01CCBD97
  1698. Rule ID: 0xccd97368
  1699. IPSEC: Decrement SA NP ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5293)
  1700. IPSEC: Increment SA NP ref counter for outbound SPI 0x01CCBD97, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:6666)
  1701. IPSEC: Deleted outbound permit rule, SPI 0x01CCBD97
  1702. Rule ID: 0xcbf2d440
  1703. IPSEC: Decrement SA NP ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5293)
  1704. IPSEC: Increment SA NP ref counter for outbound SPI 0x01CCBD97, old value: 0, new value: 1, (ctm_ipsec_free_sa:8461)
  1705. IPSEC: Deleted outbound VPN context, SPI 0x01CCBD97
  1706. VPN handle: 0x0019cb6c
  1707. IPSEC: Decrement SA NP ref counter for outbound SPI 0x01CCBD97, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:10952)
  1708. IPSEC: Destroy current inbound SPI: 0x7A59C06E
  1709. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:6666)
  1710. IPSEC: Deleted inbound decrypt rule, SPI 0x7A59C06E
  1711. Rule ID: 0xcdda9eb8
  1712. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5293)
  1713. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:6666)
  1714. IPSEC: Deleted inbound permit rule, SPI 0x7A59C06E
  1715. Rule ID: 0xcdda9f60
  1716. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5293)
  1717. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 0, new value: 1, (ctm_ipsec_delete_acl_entry:6666)
  1718. IPSEC: Deleted inbound tunnel flow rule, SPI 0x7A59C06E
  1719. Rule ID: 0xcdda9e10
  1720. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 0, (ctm_ipsec_delete_acl_cb:5293)
  1721. IPSEC: Increment SA NP ref counter for inbound SPI 0x7A59C06E, old value: 0, new value: 1, (ctm_ipsec_free_sa:8461)
  1722. IPSEC: Deleted inbound VPN context, SPI 0x7A59C06E
  1723. VPN handle: 0x001a0c2c
  1724. IPSEC: Decrement SA NP ref counter for inbound SPI 0x7A59C06E, old value: 1, new value: 0, (ctm_np_vpn_delete_cb:10952)
  1725. IPSEC: Removed SA from last received DB, SPI: 0x7A59C06E, user: karstens, peer: 192.168.2.100, SessionID: 0x0007F000
  1726. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing blank hash payload
  1727. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing IKE delete payload
  1728. Sep 24 21:48:50 [IKEv1 DEBUG]Group = test, Username = karstens, IP = 192.168.2.100, constructing qm hash payload
  1729. Sep 24 21:48:50 [IKEv1]IP = 192.168.2.100, IKE_DECODE SENDING Message (msgid=4e0490ff) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
  1730.  
  1731. BEFORE ENCRYPTION
  1732. RAW PACKET DUMP on SEND
  1733. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1734. 08 10 05 00 ff 90 04 4e 1c 00 00 00 0c 00 00 18 | .......N........
  1735. 93 d7 66 18 9c bf b8 b3 ce 13 18 ee 9a b7 93 9a | ..f.............
  1736. 13 6f 74 c8 00 00 00 1c 00 00 00 01 01 10 00 01 | .ot.............
  1737. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1738.  
  1739. ISAKMP Header
  1740. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1741. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1742. Next Payload: Hash
  1743. Version: 1.0
  1744. Exchange Type: Informational
  1745. Flags: (none)
  1746. MessageID: 4E0490FF
  1747. Length: 28
  1748. Payload Hash
  1749. Next Payload: Delete
  1750. Reserved: 00
  1751. Payload Length: 24
  1752. Data:
  1753. 93 d7 66 18 9c bf b8 b3 ce 13 18 ee 9a b7 93 9a
  1754. 13 6f 74 c8
  1755. Payload Delete
  1756. Next Payload: None
  1757. Reserved: 00
  1758. Payload Length: 28
  1759. DOI: IPsec
  1760. Protocol-ID: PROTO_ISAKMP
  1761. Spi Size: 16
  1762. # of SPIs: 1
  1763. SPI (Hex dump):
  1764. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a
  1765.  
  1766. ISAKMP Header
  1767. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1768. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1769. Next Payload: Hash
  1770. Version: 1.0
  1771. Exchange Type: Informational
  1772. Flags: (Encryption)
  1773. MessageID: 4E0490FF
  1774. Length: 92
  1775. Sep 24 21:48:50 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0x7a59c06e
  1776. Sep 24 21:48:50 [IKEv1 DEBUG]Pitcher: received key delete msg, spi 0x7a59c06e
  1777. Sep 24 21:48:50 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Session is being torn down. Reason: User Requested
  1778. Sep 24 21:48:50 [IKEv1]Group = test, Username = karstens, IP = 192.168.2.100, Deleting static route for client address: 10.10.1.10
  1779. Sep 24 21:48:50 [IKEv1]Ignoring msg to mark SA with dsID 520192 dead because SA deleted
  1780. Sep 24 21:48:50 [IKEv1]IKE Receiver: Packet received on 192.168.2.120:500 from 192.168.2.100:500
  1781.  
  1782.  
  1783. IKEv1 Recv RAW packet dump
  1784. c1 99 fe 96 b6 55 28 24 d7 d3 d2 14 e1 39 33 5a | .....U($.....93Z
  1785. 08 10 05 01 c5 87 ef 90 00 00 00 5c fd d1 dd 17 | ...........\....
  1786. 60 18 d6 29 d2 36 de 56 c3 83 16 53 31 39 b6 80 | `..).6.V...S19..
  1787. 44 b1 bb fe 34 10 8f 22 ac 01 cb 3b 4b 47 73 7c | D...4.."...;KGs|
  1788. 33 a0 15 51 29 ee 7f 6e 92 8e d5 92 34 54 46 43 | 3..Q).n....4TFC
  1789. 6b 9f 4c f1 76 9e 27 46 18 fa bd a0 | k.L.v.'F....
  1790.  
  1791. RECV PACKET from 192.168.2.100
  1792. ISAKMP Header
  1793. Initiator COOKIE: c1 99 fe 96 b6 55 28 24
  1794. Responder COOKIE: d7 d3 d2 14 e1 39 33 5a
  1795. Next Payload: Hash
  1796. Version: 1.0
  1797. Exchange Type: Informational
  1798. Flags: (Encryption)
  1799. MessageID: C587EF90
  1800. Length: 92
  1801. Sep 24 21:48:50 [IKEv1]IP = 192.168.2.100, Received encrypted packet with no matching SA, dropping
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!