Cisco ASA ikev2 debug

a guest
Jul 16th, 2020
  1. aws-core# debug crypto ikev2 protocol 100
  19. aws-core#
  20. IKEv2-PROTO-4: Received Packet [From <My public IP>:500/To 172.31.39.243:500/VRF i0:f0]
  21. Initiator SPI : 201FAEA82205C336 - Responder SPI : 0000000000000000 Message id: 0
  22. IKEv2 IKE_SA_INIT Exchange REQUESTIKEv2-PROTO-5: Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 464
  23. Payload contents:
  24. SA Next payload: KE, reserved: 0x0, length: 48
  25. last proposal: 0x0, reserved: 0x0, length: 44
  26. Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4 last transform: 0x3, reserved: 0x0: length: 12
  27. type: 1, reserved: 0x0, id: AES-CBC
  28. last transform: 0x3, reserved: 0x0: length: 8
  29. type: 3, reserved: 0x0, id: SHA96
  30. last transform: 0x3, reserved: 0x0: length: 8
  31. type: 2, reserved: 0x0, id: SHA1
  32. last transform: 0x0, reserved: 0x0: length: 8
  33. type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
  34. KE Next payload: N, reserved: 0x0, length: 264
  35. DH group: 14, Reserved: 0x0
  36.  
  53. N Next payload: NOTIFY, reserved: 0x0, length: 36
  54.  
  55. aa 50 51 09 bb 66 93 4b 5b 80 f8 3f fa 61 46 dc
  56. 29 e0 49 96 d5 1a 4c 69 12 4c 75 2b 17 96 76 99
  57. NOTIFY(NAT_DETECTION_SOURCE_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
  58. Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
  59.  
  60. da 99 50 cf 9e 1e 13 4d b0 ff 26 08 5c b8 8f f0
  61. ec 97 4c 5b
  62. NOTIFY(NAT_DETECTION_DESTINATION_IP) Next payload: NOTIFY, reserved: 0x0, length: 28
  63. Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
  64.  
  65. 9c 05 8f f5 67 9c 59 e2 77 cd a6 cd ab 11 53 11
  66. cf f8 af 02
  67. NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) Next payload: NOTIFY, reserved: 0x0, length: 8
  68. Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
  69. NOTIFY(Unknown - 16431) Next payload: NOTIFY, reserved: 0x0, length: 16
  70. Security protocol id: Unknown - 0, spi size: 0, type: Unknown - 0
  71.  
  72. 00 02 00 03 00 04 00 05
  73. NOTIFY(REDIRECT_SUPPORTED) Next payload: NONE, reserved: 0x0, length: 8
  74. Security protocol id: Unknown - 0, spi size: 0, type: REDIRECT_SUPPORTED
  75.  
  76. Decrypted packet:Data: 464 bytes
  77. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: IDLE Event: EV_RECV_INIT
  78. IKEv2-PROTO-4: (1202): Checking NAT discovery
  79. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_REDIRECT
  80. IKEv2-PROTO-7: (1202): Redirect check is not needed, skipping it
  81. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_CAC
  82. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK_COOKIE
  83. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: IDLE Event: EV_CHK4_COOKIE_NOTIFY
  84. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_INIT Event: EV_VERIFY_MSG
  85. IKEv2-PROTO-4: (1202): Verify SA init message
  86. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_INIT Event: EV_INSERT_SA
  87. IKEv2-PROTO-4: (1202): Insert SA
  88. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_INIT Event: EV_GET_IKE_POLICY
  89. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_INIT Event: EV_PROC_MSG
  90. IKEv2-PROTO-4: (1202): Processing IKE_SA_INIT message
  91. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_INIT Event: EV_DETECT_NAT
  92. IKEv2-PROTO-7: (1202): Process NAT discovery notify
  93. IKEv2-PROTO-7: (1202): Processing nat detect src notify
  94. IKEv2-PROTO-7: (1202): Remote address not matched
  95. IKEv2-PROTO-7: (1202): Processing nat detect dst notify
  96. IKEv2-PROTO-7: (1202): Local address not matched
  97. IKEv2-PROTO-7: (1202): Host is located NAT inside
  98. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
  99. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
  100. IKEv2-PROTO-7: (1202): Setting configured policies
  101. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
  102. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
  103. IKEv2-PROTO-7: (1202): Opening a PKI session
  104. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
  105. IKEv2-PROTO-4: (1202): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14
  106. IKEv2-PROTO-4: (1202): Request queued for computation of DH key
  107. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
  108. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
  109. IKEv2-PROTO-7: (1202): Action: Action_Null
  110. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
  111. IKEv2-PROTO-4: (1202): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14
  112. IKEv2-PROTO-4: (1202): Request queued for computation of DH secret
  113. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
  114. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
  115. IKEv2-PROTO-7: (1202): Action: Action_Null
  116. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
  117. IKEv2-PROTO-7: (1202): Generate skeyid
  118. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
  119. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
  120. IKEv2-PROTO-4: (1202): Generating IKE_SA_INIT message
  121. IKEv2-PROTO-4: (1202): IKE Proposal: 1, SPI size: 0 (initial negotiation),
  122. Num. transforms: 4
  123. (1202): AES-CBC(1202): SHA1(1202): SHA96(1202): DH_GROUP_2048_MODP/Group 14(1202):
  124. IKEv2-PROTO-4: (1202): Sending Packet [To <My public IP>:500/From 172.31.39.243:500/VRF i0:f0]
  125. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 0
  126. (1202): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (1202): Next payload: SA, version: 2.0 (1202): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (1202): Message id: 0, length: 599(1202):
  127. Payload contents:
  128. (1202): SA(1202): Next payload: KE, reserved: 0x0, length: 48
  129. (1202): last proposal: 0x0, reserved: 0x0, length: 44
  130. Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4(1202): last transform: 0x3, reserved: 0x0: length: 12
  131. type: 1, reserved: 0x0, id: AES-CBC
  132. (1202): last transform: 0x3, reserved: 0x0: length: 8
  133. type: 2, reserved: 0x0, id: SHA1
  134. (1202): last transform: 0x3, reserved: 0x0: length: 8
  135. type: 3, reserved: 0x0, id: SHA96
  136. (1202): last transform: 0x0, reserved: 0x0: length: 8
  137. type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
  138. (1202): KE(1202): Next payload: N, reserved: 0x0, length: 264
  139. (1202): DH group: 14, Reserved: 0x0
  140. (1202):
  157. (1202): N(1202): Next payload: VID, reserved: 0x0, length: 68
  158. (1202):
  159. (1202): 21 93 af f9 1a 95 c5 07 1c da 73 e5 8b 31 38 3a
  160. (1202): 4c 43 a9 02 35 f2 89 88 f0 aa 0f 1a 0c 29 53 cd
  161. (1202): 4b dc 33 d6 a8 1b 09 44 c0 c4 cb 4e 69 25 80 1b
  162. (1202): ee d7 a3 91 27 98 1f 19 16 ec 05 73 b5 52 b2 62
  163. (1202): VID(1202): Next payload: VID, reserved: 0x0, length: 23
  164. (1202):
  165. (1202): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
  166. (1202): 53 4f 4e
  167. (1202): VID(1202): Next payload: NOTIFY, reserved: 0x0, length: 59
  168. (1202):
  169. (1202): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
  170. (1202): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
  171. (1202): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
  172. (1202): 73 2c 20 49 6e 63 2e
  173. (1202): NOTIFY(NAT_DETECTION_SOURCE_IP)(1202): Next payload: NOTIFY, reserved: 0x0, length: 28
  174. (1202): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
  175. (1202):
  176. (1202): d1 54 d0 18 f7 75 e1 7e 48 8b 6a ba 95 73 6d 06
  177. (1202): ba d3 f1 80
  178. (1202): NOTIFY(NAT_DETECTION_DESTINATION_IP)(1202): Next payload: CERTREQ, reserved: 0x0, length: 28
  179. (1202): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
  180. (1202):
  181. (1202): 29 4b 5f 92 54 e7 6e 62 eb 50 9a cf ef 17 bd 09
  182. (1202): f9 1c 3c 44
  183. (1202): CERTREQ(1202): Next payload: NOTIFY, reserved: 0x0, length: 25
  184. (1202): Cert encoding X.509 Certificate - signature
  185. (1202): CertReq data: 20 bytes
  186. (1202): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(1202): Next payload: VID, reserved: 0x0, length: 8
  187. (1202): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
  188. (1202): VID(1202): Next payload: NONE, reserved: 0x0, length: 20
  189. (1202):
  190. (1202): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
  191. (1202):
  192. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
  193. IKEv2-PROTO-4: (1202): IETF Fragmentation is enabled
  194. IKEv2-PROTO-4: (1202): Completed SA init exchange
  195. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
  196. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
  197. IKEv2-PROTO-4: (1202): Starting timer (30 sec) to wait for auth message
  198. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
  199. IKEv2-PROTO-7: (1202): Request has mess_id 1; expected 1 through 1
  200.  
  201. (1202):
  202. IKEv2-PROTO-4: (1202): Received Packet [From <My public IP>:33167/To 172.31.39.243:500/VRF i0:f0]
  203. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 1
  204. (1202): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: IKE_AUTH, flags: INITIATOR (1202): Message id: 1, length: 252(1202):
  205. Payload contents:
  206. (1202):
  207. (1202): Decrypted packet:(1202): Data: 252 bytes
  208. (1202): REAL Decrypted packet:(1202): Data: 179 bytes
  209. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH
  210. IKEv2-PROTO-4: (1202): Stopping timer to wait for auth message
  211. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T
  212. IKEv2-PROTO-4: (1202): Checking NAT discovery
  213. IKEv2-PROTO-4: (1202): NAT INSIDE found
  214. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT
  215. IKEv2-PROTO-4: (1202): NAT detected float to init port 33167, resp port 4500
  216. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID
  217. IKEv2-PROTO-7: (1202): Received valid parameteres in process id
  218. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
  219. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID
  220. IKEv2-PROTO-4: (1202): Searching policy based on peer's identity 'pfsense-tg' of type 'key ID'
  221. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_SET_POLICY
  222. IKEv2-PROTO-7: (1202): Setting configured policies
  223. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
  224. IKEv2-PROTO-4: (1202): Verify peer's policy
  225. IKEv2-PROTO-4: (1202): Peer's policy verified
  226. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_AUTH4EAP
  227. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_POLREQEAP
  228. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_AUTH_TYPE
  229. IKEv2-PROTO-4: (1202): Get peer's authentication method
  230. IKEv2-PROTO-4: (1202): Peer's authentication method is 'PSK'
  231. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_PRESHR_KEY
  232. IKEv2-PROTO-4: (1202): Get peer's preshared key for pfsense-tg
  233. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_VERIFY_AUTH
  234. IKEv2-PROTO-4: (1202): Verify peer's authentication data
  235. IKEv2-PROTO-4: (1202): Use preshared key for id pfsense-tg, key len 20
  236. IKEv2-PROTO-4: (1202): Verification of peer's authenctication data PASSED
  237. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK4_IC
  238. IKEv2-PROTO-4: (1202): Processing INITIAL_CONTACT
  239. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_REDIRECT
  240. IKEv2-PROTO-4: (1202): Redirect check with platform for load-balancing
  241. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NOTIFY_AUTH_DONE
  242. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_CONFIG_MODE
  243. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_CONFIG_MODE
  244. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_PROC_SA_TS
  245. IKEv2-PROTO-4: (1202): Processing IKE_AUTH message
  246. IKEv2-PROTO-2: (1202): Failed to find a matching policy
  247. IKEv2-PROTO-2: (1202): Received Policies:
  248. IKEv2-PROTO-2: (1202): Failed to find a matching policy
  249. IKEv2-PROTO-2: (1202): Expected Policies:
  250. IKEv2-PROTO-7: (1202): Failed to verify the proposed policies
  251. IKEv2-PROTO-2: (1202): Failed to find a matching policy
  252. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_PROP_CHOSEN
  253. IKEv2-PROTO-4: (1202): Sending no proposal chosen notify
  254. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_MY_AUTH_METHOD
  255. IKEv2-PROTO-4: (1202): Get my authentication method
  256. IKEv2-PROTO-4: (1202): My authentication method is 'PSK'
  257. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GET_PRESHR_KEY
  258. IKEv2-PROTO-4: (1202): Get peer's preshared key for pfsense-tg
  259. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GEN_AUTH
  260. IKEv2-PROTO-4: (1202): Generate my authentication data
  261. IKEv2-PROTO-4: (1202): Use preshared key for id 172.31.39.243, key len 20
  262. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_CHK4_SIGN
  263. IKEv2-PROTO-4: (1202): Get my authentication method
  264. IKEv2-PROTO-4: (1202): My authentication method is 'PSK'
  265. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_OK_AUTH_GEN
  266. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_SEND_AUTH
  267. IKEv2-PROTO-4: (1202): Generating IKE_AUTH message
  268. IKEv2-PROTO-4: (1202): Constructing IDr payload: '172.31.39.243' of type 'IPv4 address'
  269. IKEv2-PROTO-4: (1202): Building packet for encryption.
  270. (1202):
  271. Payload contents:
  272. (1202): VID(1202): Next payload: IDr, reserved: 0x0, length: 20
  273. (1202):
  274. (1202): b5 a9 9b 69 50 30 29 14 78 7b 19 43 c3 45 9b ae
  275. (1202): IDr(1202): Next payload: AUTH, reserved: 0x0, length: 12
  276. (1202): Id type: IPv4 address, Reserved: 0x0 0x0
  277. (1202):
  278. (1202): ac 1f 27 f3
  279. (1202): AUTH(1202): Next payload: NOTIFY, reserved: 0x0, length: 28
  280. (1202): Auth method PSK, reserved: 0x0, reserved 0x0
  281. (1202): Auth data: 20 bytes
  282. (1202): NOTIFY(NO_PROPOSAL_CHOSEN)(1202): Next payload: NONE, reserved: 0x0, length: 8
  283. (1202): Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN
  284. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_ENCRYPT_MSG
  285. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_NO_EVENT
  286. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_OK_ENCRYPT_RESP
  287. IKEv2-PROTO-7: (1202): Action: Action_Null
  288. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_TRYSEND
  289. (1202):
  290. IKEv2-PROTO-4: (1202): Sending Packet [To <My public IP>:33167/From 172.31.39.243:4500/VRF i0:f0]
  291. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 1
  292. (1202): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (1202): Message id: 1, length: 140(1202):
  293. Payload contents:
  294. (1202): ENCR(1202): Next payload: VID, reserved: 0x0, length: 112
  295. (1202): Encrypted data: 108 bytes
  296. (1202):
  297. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_CHK_AUTH_FAIL
  298. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_OK
  299. IKEv2-PROTO-7: (1202): Action: Action_Null
  300. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_UPDATE_CAC_STATS
  301. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_INSERT_IKE
  302. IKEv2-PROTO-4: (1202): IKEV2 SA created; inserting SA into database. SA lifetime timer (43200 sec) started
  303. IKEv2-PROTO-4: (1202): Set NAT keepalive timer 1800
  304. IKEv2-PROTO-4: (1202): Session with IKE ID PAIR (pfsense-tg, 172.31.39.243) is UP
  305. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_REGISTER_SESSION
  306. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_NO_EVENT
  307. IKEv2-PROTO-4: (1202): Initializing DPD, configured for 10 seconds
  308. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_RECD_REGISTER_SESSION_RESP
  309. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHECK_DUPE
  310. IKEv2-PROTO-4: (1202): Checking for duplicate IKEv2 SA
  311. IKEv2-PROTO-4: (1202): No duplicate IKEv2 SA found
  312. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHK4_ROLE
  313. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: READY Event: EV_R_OK
  314. IKEv2-PROTO-4: (1202): Starting timer (8 sec) to delete negotiation context
  315. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: READY Event: EV_NO_EVENT
  316. IKEv2-PROTO-7: (1202): Request has mess_id 2; expected 2 through 2
  317.  
  318. (1202):
  319. IKEv2-PROTO-4: (1202): Received Packet [From <My public IP>:33167/To 172.31.39.243:4500/VRF i0:f0]
  320. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 2
  321. (1202): IKEv2 INFORMATIONAL Exchange REQUESTIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: INFORMATIONAL, flags: INITIATOR (1202): Message id: 2, length: 76(1202):
  322. Payload contents:
  323. (1202):
  324. (1202): Decrypted packet:(1202): Data: 76 bytes
  325. (1202): REAL Decrypted packet:(1202): Data: 8 bytes
  326. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: READY Event: EV_RECV_INFO_REQ
  327. IKEv2-PROTO-7: (1202): Action: Action_Null
  328. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_INFO_REQ
  329. IKEv2-PROTO-4: (1202): Building packet for encryption.
  330. (1202):
  331. Payload contents:
  332. (1202): DELETE(1202): Next payload: NONE, reserved: 0x0, length: 8
  333. (1202): Security protocol id: IKE, spi size: 0, num of spi: 0
  334. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_ENCRYPT_MSG
  335. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_NO_EVENT
  336. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_OK_ENCRYPT_RESP
  337. IKEv2-PROTO-7: (1202): Action: Action_Null
  338. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_TRYSEND
  339. (1202):
  340. IKEv2-PROTO-4: (1202): Sending Packet [To <My public IP>:33167/From 172.31.39.243:4500/VRF i0:f0]
  341. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 2
  342. (1202): IKEv2 INFORMATIONAL Exchange RESPONSEIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE (1202): Message id: 2, length: 76(1202):
  343. Payload contents:
  344. (1202): ENCR(1202): Next payload: DELETE, reserved: 0x0, length: 48
  345. (1202): Encrypted data: 44 bytes
  346. (1202):
  347. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK_INFO_TYPE
  348. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_DEL
  349. IKEv2-PROTO-4: (1202): Process delete request from peer
  350. IKEv2-PROTO-4: (1202): Processing DELETE INFO message for IKEv2 SA [ISPI: 0x201FAEA82205C336 RSPI: 0xB7A99A694307DA53]
  351. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK4_ACTIVE_SA
  352. IKEv2-PROTO-4: (1202): Check for existing active SA
  353. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_STOP_ACCT
  354. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_IPSEC_DEL
  355. IKEv2-PROTO-4: (1202): Delete all IKE SAs
  356. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_START_DEL_NEG_TMR
  357. IKEv2-PROTO-7: (1202): Action: Action_Null
  358. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: EXIT Event: EV_CHK_PENDING
  359. IKEv2-PROTO-7: (1202): Sent response with message id 2, Requests can be accepted from range 3 to 3
  360. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: EXIT Event: EV_NO_EVENT
  361. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (I) MsgID = 00000001 CurState: READY Event: EV_RECV_DEL
  362. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (I) MsgID = 00000001 CurState: DELETE Event: EV_FREE_SA
  363. IKEv2-PROTO-4: (1202): Deleting SA
  420. IKEv2-PROTO-7: (1202): Process NAT discovery notify
  421. IKEv2-PROTO-7: (1202): Processing nat detect src notify
  422. IKEv2-PROTO-7: (1202): Remote address not matched
  423. IKEv2-PROTO-7: (1202): Processing nat detect dst notify
  424. IKEv2-PROTO-7: (1202): Local address not matched
  425. IKEv2-PROTO-7: (1202): Host is located NAT inside
  426. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_INIT Event: EV_CHK_CONFIG_MODE
  427. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_SET_POLICY
  428. IKEv2-PROTO-7: (1202): Setting configured policies
  429. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_CHK_AUTH4PKI
  430. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_PKI_SESH_OPEN
  431. IKEv2-PROTO-7: (1202): Opening a PKI session
  432. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_KEY
  433. IKEv2-PROTO-4: (1202): [IKEv2 -> Crypto Engine] Computing DH public key, DH Group 14
  434. IKEv2-PROTO-4: (1202): Request queued for computation of DH key
  435. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
  436. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_PUBKEY_RESP
  437. IKEv2-PROTO-7: (1202): Action: Action_Null
  438. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_DH_SECRET
  439. IKEv2-PROTO-4: (1202): [IKEv2 -> Crypto Engine] Computing DH secret key, DH Group 14
  440. IKEv2-PROTO-4: (1202): Request queued for computation of DH secret
  441. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_NO_EVENT
  442. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_OK_RECD_DH_SECRET_RESP
  443. IKEv2-PROTO-7: (1202): Action: Action_Null
  444. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GEN_SKEYID
  445. IKEv2-PROTO-7: (1202): Generate skeyid
  446. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_GET_CONFIG_MODE
  447. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_BLD_INIT Event: EV_BLD_MSG
  448. IKEv2-PROTO-4: (1202): Generating IKE_SA_INIT message
  449. IKEv2-PROTO-4: (1202): IKE Proposal: 1, SPI size: 0 (initial negotiation),
  450. Num. transforms: 4
  451. (1202): AES-CBC(1202): SHA1(1202): SHA96(1202): DH_GROUP_2048_MODP/Group 14(1202):
  452. IKEv2-PROTO-4: (1202): Sending Packet [To <My public IP>:500/From 172.31.39.243:500/VRF i0:f0]
  453. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 0
  454. (1202): IKEv2 IKE_SA_INIT Exchange RESPONSEIKEv2-PROTO-5: (1202): Next payload: SA, version: 2.0 (1202): Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE (1202): Message id: 0, length: 599(1202):
  455. Payload contents:
  456. (1202): SA(1202): Next payload: KE, reserved: 0x0, length: 48
  457. (1202): last proposal: 0x0, reserved: 0x0, length: 44
  458. Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4(1202): last transform: 0x3, reserved: 0x0: length: 12
  459. type: 1, reserved: 0x0, id: AES-CBC
  460. (1202): last transform: 0x3, reserved: 0x0: length: 8
  461. type: 2, reserved: 0x0, id: SHA1
  462. (1202): last transform: 0x3, reserved: 0x0: length: 8
  463. type: 3, reserved: 0x0, id: SHA96
  464. (1202): last transform: 0x0, reserved: 0x0: length: 8
  465. type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
  466. (1202): KE(1202): Next payload: N, reserved: 0x0, length: 264
  467. (1202): DH group: 14, Reserved: 0x0
  468. (1202):
  485. (1202): N(1202): Next payload: VID, reserved: 0x0, length: 68
  486. (1202):
  487. (1202): 21 93 af f9 1a 95 c5 07 1c da 73 e5 8b 31 38 3a
  488. (1202): 4c 43 a9 02 35 f2 89 88 f0 aa 0f 1a 0c 29 53 cd
  489. (1202): 4b dc 33 d6 a8 1b 09 44 c0 c4 cb 4e 69 25 80 1b
  490. (1202): ee d7 a3 91 27 98 1f 19 16 ec 05 73 b5 52 b2 62
  491. (1202): VID(1202): Next payload: VID, reserved: 0x0, length: 23
  492. (1202):
  493. (1202): 43 49 53 43 4f 2d 44 45 4c 45 54 45 2d 52 45 41
  494. (1202): 53 4f 4e
  495. (1202): VID(1202): Next payload: NOTIFY, reserved: 0x0, length: 59
  496. (1202):
  497. (1202): 43 49 53 43 4f 28 43 4f 50 59 52 49 47 48 54 29
  498. (1202): 26 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32
  499. (1202): 30 30 39 20 43 69 73 63 6f 20 53 79 73 74 65 6d
  500. (1202): 73 2c 20 49 6e 63 2e
  501. (1202): NOTIFY(NAT_DETECTION_SOURCE_IP)(1202): Next payload: NOTIFY, reserved: 0x0, length: 28
  502. (1202): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_SOURCE_IP
  503. (1202):
  504. (1202): d1 54 d0 18 f7 75 e1 7e 48 8b 6a ba 95 73 6d 06
  505. (1202): ba d3 f1 80
  506. (1202): NOTIFY(NAT_DETECTION_DESTINATION_IP)(1202): Next payload: CERTREQ, reserved: 0x0, length: 28
  507. (1202): Security protocol id: IKE, spi size: 0, type: NAT_DETECTION_DESTINATION_IP
  508. (1202):
  509. (1202): 29 4b 5f 92 54 e7 6e 62 eb 50 9a cf ef 17 bd 09
  510. (1202): f9 1c 3c 44
  511. (1202): CERTREQ(1202): Next payload: NOTIFY, reserved: 0x0, length: 25
  512. (1202): Cert encoding X.509 Certificate - signature
  513. (1202): CertReq data: 20 bytes
  514. (1202): NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED)(1202): Next payload: VID, reserved: 0x0, length: 8
  515. (1202): Security protocol id: Unknown - 0, spi size: 0, type: IKEV2_FRAGMENTATION_SUPPORTED
  516. (1202): VID(1202): Next payload: NONE, reserved: 0x0, length: 20
  517. (1202):
  518. (1202): 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
  519. (1202):
  520. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_DONE
  521. IKEv2-PROTO-4: (1202): IETF Fragmentation is enabled
  522. IKEv2-PROTO-4: (1202): Completed SA init exchange
  523. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_CHK4_ROLE
  524. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: INIT_DONE Event: EV_START_TMR
  525. IKEv2-PROTO-4: (1202): Starting timer (30 sec) to wait for auth message
  526. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000000 CurState: R_WAIT_AUTH Event: EV_NO_EVENT
  527. IKEv2-PROTO-7: (1202): Request has mess_id 1; expected 1 through 1
  528.  
  529. (1202):
  530. IKEv2-PROTO-4: (1202): Received Packet [From <My public IP>:33167/To 172.31.39.243:500/VRF i0:f0]
  531. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 1
  532. (1202): IKEv2 IKE_AUTH Exchange REQUESTIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: IKE_AUTH, flags: INITIATOR (1202): Message id: 1, length: 252(1202):
  533. Payload contents:
  534. (1202):
  535. (1202): Decrypted packet:(1202): Data: 252 bytes
  536. (1202): REAL Decrypted packet:(1202): Data: 179 bytes
  537. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_RECV_AUTH
  538. IKEv2-PROTO-4: (1202): Stopping timer to wait for auth message
  539. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_NAT_T
  540. IKEv2-PROTO-4: (1202): Checking NAT discovery
  541. IKEv2-PROTO-4: (1202): NAT INSIDE found
  542. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHG_NAT_T_PORT
  543. IKEv2-PROTO-4: (1202): NAT detected float to init port 33167, resp port 4500
  544. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_PROC_ID
  545. IKEv2-PROTO-7: (1202): Received valid parameteres in process id
  546. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_IF_PEER_CERT_NEEDS_TO_BE_FETCHED_FOR_PROF_SEL
  547. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_GET_POLICY_BY_PEERID
  548. IKEv2-PROTO-4: (1202): Searching policy based on peer's identity 'pfsense-tg' of type 'key ID'
  549. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_SET_POLICY
  550. IKEv2-PROTO-7: (1202): Setting configured policies
  551. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_VERIFY_POLICY_BY_PEERID
  552. IKEv2-PROTO-4: (1202): Verify peer's policy
  553. IKEv2-PROTO-4: (1202): Peer's policy verified
  554. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_AUTH4EAP
  555. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_WAIT_AUTH Event: EV_CHK_POLREQEAP
  556. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_AUTH_TYPE
  557. IKEv2-PROTO-4: (1202): Get peer's authentication method
  558. IKEv2-PROTO-4: (1202): Peer's authentication method is 'PSK'
  559. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_PRESHR_KEY
  560. IKEv2-PROTO-4: (1202): Get peer's preshared key for pfsense-tg
  561. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_VERIFY_AUTH
  562. IKEv2-PROTO-4: (1202): Verify peer's authentication data
  563. IKEv2-PROTO-4: (1202): Use preshared key for id pfsense-tg, key len 20
  564. IKEv2-PROTO-4: (1202): Verification of peer's authenctication data PASSED
  565. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK4_IC
  566. IKEv2-PROTO-4: (1202): Processing INITIAL_CONTACT
  567. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_REDIRECT
  568. IKEv2-PROTO-4: (1202): Redirect check with platform for load-balancing
  569. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NOTIFY_AUTH_DONE
  570. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_CHK_CONFIG_MODE
  571. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_GET_CONFIG_MODE
  572. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_PROC_SA_TS
  573. IKEv2-PROTO-4: (1202): Processing IKE_AUTH message
  574. IKEv2-PROTO-2: (1202): Failed to find a matching policy
  575. IKEv2-PROTO-2: (1202): Received Policies:
  576. IKEv2-PROTO-2: (1202): Failed to find a matching policy
  577. IKEv2-PROTO-2: (1202): Expected Policies:
  578. IKEv2-PROTO-7: (1202): Failed to verify the proposed policies
  579. IKEv2-PROTO-2: (1202): Failed to find a matching policy
  580. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_VERIFY_AUTH Event: EV_NO_PROP_CHOSEN
  581. IKEv2-PROTO-4: (1202): Sending no proposal chosen notify
  582. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_MY_AUTH_METHOD
  583. IKEv2-PROTO-4: (1202): Get my authentication method
  584. IKEv2-PROTO-4: (1202): My authentication method is 'PSK'
  585. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GET_PRESHR_KEY
  586. IKEv2-PROTO-4: (1202): Get peer's preshared key for pfsense-tg
  587. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_GEN_AUTH
  588. IKEv2-PROTO-4: (1202): Generate my authentication data
  589. IKEv2-PROTO-4: (1202): Use preshared key for id 172.31.39.243, key len 20
  590. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_CHK4_SIGN
  591. IKEv2-PROTO-4: (1202): Get my authentication method
  592. IKEv2-PROTO-4: (1202): My authentication method is 'PSK'
  593. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_OK_AUTH_GEN
  594. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_SEND_AUTH
  595. IKEv2-PROTO-4: (1202): Generating IKE_AUTH message
  596. IKEv2-PROTO-4: (1202): Constructing IDr payload: '172.31.39.243' of type 'IPv4 address'
  597. IKEv2-PROTO-4: (1202): Building packet for encryption.
  598. (1202):
  599. Payload contents:
  600. (1202): VID(1202): Next payload: IDr, reserved: 0x0, length: 20
  601. (1202):
  602. (1202): b5 a9 9b 69 50 30 29 14 78 7b 19 43 c3 45 9b ae
  603. (1202): IDr(1202): Next payload: AUTH, reserved: 0x0, length: 12
  604. (1202): Id type: IPv4 address, Reserved: 0x0 0x0
  605. (1202):
  606. (1202): ac 1f 27 f3
  607. (1202): AUTH(1202): Next payload: NOTIFY, reserved: 0x0, length: 28
  608. (1202): Auth method PSK, reserved: 0x0, reserved 0x0
  609. (1202): Auth data: 20 bytes
  610. (1202): NOTIFY(NO_PROPOSAL_CHOSEN)(1202): Next payload: NONE, reserved: 0x0, length: 8
  611. (1202): Security protocol id: IKE, spi size: 0, type: NO_PROPOSAL_CHOSEN
  612. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_ENCRYPT_MSG
  613. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_NO_EVENT
  614. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_OK_ENCRYPT_RESP
  615. IKEv2-PROTO-7: (1202): Action: Action_Null
  616. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_TRYSEND
  617. (1202):
  618. IKEv2-PROTO-4: (1202): Sending Packet [To <My public IP>:33167/From 172.31.39.243:4500/VRF i0:f0]
  619. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 1
  620. (1202): IKEv2 IKE_AUTH Exchange RESPONSEIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE (1202): Message id: 1, length: 140(1202):
  621. Payload contents:
  622. (1202): ENCR(1202): Next payload: VID, reserved: 0x0, length: 112
  623. (1202): Encrypted data: 108 bytes
  624. (1202):
  625. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: R_BLD_AUTH Event: EV_CHK_AUTH_FAIL
  626. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_OK
  627. IKEv2-PROTO-7: (1202): Action: Action_Null
  628. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_UPDATE_CAC_STATS
  629. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_INSERT_IKE
  630. IKEv2-PROTO-4: (1202): IKEV2 SA created; inserting SA into database. SA lifetime timer (43200 sec) started
  631. IKEv2-PROTO-4: (1202): Set NAT keepalive timer 1800
  632. IKEv2-PROTO-4: (1202): Session with IKE ID PAIR (pfsense-tg, 172.31.39.243) is UP
  633. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_REGISTER_SESSION
  634. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_NO_EVENT
  635. IKEv2-PROTO-4: (1202): Initializing DPD, configured for 10 seconds
  636. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_RECD_REGISTER_SESSION_RESP
  637. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHECK_DUPE
  638. IKEv2-PROTO-4: (1202): Checking for duplicate IKEv2 SA
  639. IKEv2-PROTO-4: (1202): No duplicate IKEv2 SA found
  640. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: AUTH_DONE Event: EV_CHK4_ROLE
  641. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: READY Event: EV_R_OK
  642. IKEv2-PROTO-4: (1202): Starting timer (8 sec) to delete negotiation context
  643. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000001 CurState: READY Event: EV_NO_EVENT
  644. IKEv2-PROTO-7: (1202): Request has mess_id 2; expected 2 through 2
  645.  
  646. (1202):
  647. IKEv2-PROTO-4: (1202): Received Packet [From <My public IP>:33167/To 172.31.39.243:4500/VRF i0:f0]
  648. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 2
  649. (1202): IKEv2 INFORMATIONAL Exchange REQUESTIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: INFORMATIONAL, flags: INITIATOR (1202): Message id: 2, length: 76(1202):
  650. Payload contents:
  651. (1202):
  652. (1202): Decrypted packet:(1202): Data: 76 bytes
  653. (1202): REAL Decrypted packet:(1202): Data: 8 bytes
  654. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: READY Event: EV_RECV_INFO_REQ
  655. IKEv2-PROTO-7: (1202): Action: Action_Null
  656. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_INFO_REQ
  657. IKEv2-PROTO-4: (1202): Building packet for encryption.
  658. (1202):
  659. Payload contents:
  660. (1202): DELETE(1202): Next payload: NONE, reserved: 0x0, length: 8
  661. (1202): Security protocol id: IKE, spi size: 0, num of spi: 0
  662. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_ENCRYPT_MSG
  663. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_NO_EVENT
  664. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_OK_ENCRYPT_RESP
  665. IKEv2-PROTO-7: (1202): Action: Action_Null
  666. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_TRYSEND
  667. (1202):
  668. IKEv2-PROTO-4: (1202): Sending Packet [To <My public IP>:33167/From 172.31.39.243:4500/VRF i0:f0]
  669. (1202): Initiator SPI : 201FAEA82205C336 - Responder SPI : B7A99A694307DA53 Message id: 2
  670. (1202): IKEv2 INFORMATIONAL Exchange RESPONSEIKEv2-PROTO-5: (1202): Next payload: ENCR, version: 2.0 (1202): Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE (1202): Message id: 2, length: 76(1202):
  671. Payload contents:
  672. (1202): ENCR(1202): Next payload: DELETE, reserved: 0x0, length: 48
  673. (1202): Encrypted data: 44 bytes
  674. (1202):
  675. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK_INFO_TYPE
  676. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_RECV_DEL
  677. IKEv2-PROTO-4: (1202): Process delete request from peer
  678. IKEv2-PROTO-4: (1202): Processing DELETE INFO message for IKEv2 SA [ISPI: 0x201FAEA82205C336 RSPI: 0xB7A99A694307DA53]
  679. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_CHK4_ACTIVE_SA
  680. IKEv2-PROTO-4: (1202): Check for existing active SA
  681. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_STOP_ACCT
  682. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_IPSEC_DEL
  683. IKEv2-PROTO-4: (1202): Delete all IKE SAs
  684. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: INFO_R Event: EV_START_DEL_NEG_TMR
  685. IKEv2-PROTO-7: (1202): Action: Action_Null
  686. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: EXIT Event: EV_CHK_PENDING
  687. IKEv2-PROTO-7: (1202): Sent response with message id 2, Requests can be accepted from range 3 to 3
  688. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (R) MsgID = 00000002 CurState: EXIT Event: EV_NO_EVENT
  689. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (I) MsgID = 00000001 CurState: READY Event: EV_RECV_DEL
  690. IKEv2-PROTO-7: (1202): SM Trace-> SA: I_SPI=201FAEA82205C336 R_SPI=B7A99A694307DA53 (I) MsgID = 00000001 CurState: DELETE Event: EV_FREE_SA
  691. IKEv2-PROTO-4: (1202): Deleting SA