Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: vpnc: devel

nat-t problem with cisco ios

  

 
vpnc devel RSS feed   Index | Next | Previous | View Threaded


minsuj at electrang

Nov 13, 2004, 8:49 PM

Post #1 of 11 (1631 views)
Permalink
nat-t problem with cisco ios
Hi.


i have tested with nat-t. but failed..
when i tested with "--disable-natt", i could connect to cisco router.
following is my logs..

== vpnc log ==
[root [at] localhos trunk]# ./vpnc
./vpnc: expected xauth packet; rejected: UNEQUAL_PAYLOAD_LENGTHS

== cisco ios log ==
1w3d: ISAKMP (6:11): processing NOTIFY UNEQUAL_PAYLOAD_LENGTHS protocol 1
spi 0, message ID = 715066370, sa = 44836AC8
1w3d: ISAKMP (6:11): peer does not do paranoid keepalives.

1w3d: ISAKMP (6:11): deleting SA reason "recevied fatal informational"
state (R) AG_INIT_EXCH (peer 219.251.175.80) input queue 0

== test environment ==
os : Fedora Core 2
vpnc : svn revison 33
ios version : IOS (tm) RSP Software (RSP-IK9O3SV-M), Version 12.2(15)T14


== cisco ios full log ==
1w3d: ISAKMP (0:0): received packet from 219.251.175.80 dport 500 sport
500 Global (N) NEW SA
1w3d: ISAKMP: Found a peer struct for 219.251.175.80, peer port 500
1w3d: ISAKMP: Locking peer struct 0x44761834, IKE refcount 2 for
crypto_ikmp_config_initialize_sa
1w3d: ISAKMP (0:0): (Re)Setting client xauth list userauthen and state
1w3d: ISAKMP: local port 500, remote port 500
1w3d: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert
sa = 44836AC8
1w3d: ISAKMP (6:11): processing SA payload. message ID = 0
1w3d: ISAKMP (6:11): processing ID payload. message ID = 0
1w3d: ISAKMP (6:11): peer matches xauth profile
1w3d: ISAKMP: Looking for a matching key for 219.251.175.80 in default
1w3d: ISAKMP (6:11): (Re)Setting client xauth list userauthen and state
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID seems Unity/DPD but major 242 mismatch
1w3d: ISAKMP (6:11): vendor ID is XAUTH
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID is Unity
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID seems Unity/DPD but major 123 mismatch
1w3d: ISAKMP (6:11): vendor ID is NAT-T v2
1w3d: ISAKMP (6:11) local preshared key found
1w3d: ISAKMP (6:11) Authentication by xauth preshared
1w3d: ISAKMP (6:11): Checking ISAKMP transform 0 against priority 10 policy
1w3d: ISAKMP: keylength of 256
1w3d: ISAKMP: encryption AES-CBC
1w3d: ISAKMP: hash SHA
1w3d: ISAKMP: auth XAUTHInitPreShared
1w3d: ISAKMP: default group 2
1w3d: ISAKMP: life type in seconds
1w3d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w3d: ISAKMP (6:11): atts are acceptable. Next payload is 3
1w3d: ISAKMP (6:11): processing KE payload. message ID = 0
1w3d: ISAKMP (6:11): processing NONCE payload. message ID = 0
1w3d: ISAKMP (6:11): SKEYID state generated
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID seems Unity/DPD but major 242 mismatch
1w3d: ISAKMP (6:11): vendor ID is XAUTH
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID is Unity
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID seems Unity/DPD but major 123 mismatch
1w3d: ISAKMP (6:11): vendor ID is NAT-T v2
1w3d: ISAKMP (6:11): constructed NAT-T vendor-02 ID
1w3d: ISAKMP (6:11): SA is doing pre-shared key authentication plus
XAUTH using id type ID_IPV4_ADDR
1w3d: ISAKMP (11): ID payload
next-payload : 10
type : 1
addr : 220.71.56.100
protocol : 17
port : 0
length : 8
1w3d: ISAKMP (11): Total payload length: 12
1w3d: ISAKMP (6:11): constructed HIS NAT-D
1w3d: ISAKMP (6:11): constructed MINE NAT-D
1w3d: ISAKMP (6:11): sending packet to 219.251.175.80 my_port 500
peer_port 500 (R) AG_INIT_EXCH
1w3d: ISAKMP (6:11): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
1w3d: ISAKMP (6:11): Old State = IKE_READY New State = IKE_R_AM2

1w3d: ISAKMP (6:11): received packet from 219.251.175.80 dport 4500
sport 4500 Global (R) AG_INIT_EXCH
1w3d: ISAKMP (6:11): processing HASH payload. message ID = 0
1w3d: ISAKMP (6:11): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = 0, sa = 44836AC8
1w3d: ISAKMP (6:11): Process initial contact,
bring down existing phase 1 and 2 SA's with local 220.71.56.100 remote
219.251.175.80 remote port 4500
1w3d: ISAKMP (6:11): returning IP addr to the address pool: 172.31.100.39
1w3d: ISAKMP (6:11): returning address 172.31.100.39 to pool
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID seems Unity/DPD but major 75 mismatch
1w3d: ISAKMP (6:11): processing vendor id payload
1w3d: ISAKMP (6:11): vendor ID is Unity
1w3d: ISAKMP:received payload type 0
1w3d: ISAKMP (6:11): Unknown Input: state = IKE_R_AM2, major, minor =
IKE_MESG_FROM_PEER, IKE_AM_EXCH

1w3d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed
with peer at 219.251.175.80
1w3d: IPSEC(key_engine): got a queue event...
1w3d: ISAKMP (6:11): received packet from 219.251.175.80 dport 4500
sport 4500 Global (R) AG_INIT_EXCH
1w3d: ISAKMP (6:11): phase 1 packet is a duplicate of a previous packet.
1w3d: ISAKMP (6:11): retransmitting due to retransmit phase 1
1w3d: ISAKMP (6:11): retransmitting phase 1 AG_INIT_EXCH...
1w3d: ISAKMP (6:11): retransmitting phase 1 AG_INIT_EXCH...
1w3d: ISAKMP (6:11): incrementing error counter on sa: retransmit phase 1
1w3d: ISAKMP (6:11): retransmitting phase 1 AG_INIT_EXCH
1w3d: ISAKMP (6:11): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) AG_INIT_EXCH
1w3d: ISAKMP (6:11): received packet from 219.251.175.80 dport 4500
sport 4500 Global (R) AG_INIT_EXCH
1w3d: ISAKMP: set new node 715066370 to CONF_XAUTH
1w3d: ISAKMP (6:11): processing HASH payload. message ID = 715066370
1w3d: ISAKMP (6:11): processing NOTIFY UNEQUAL_PAYLOAD_LENGTHS protocol 1
spi 0, message ID = 715066370, sa = 44836AC8
1w3d: ISAKMP (6:11): peer does not do paranoid keepalives.

1w3d: ISAKMP (6:11): deleting SA reason "recevied fatal informational"
state (R) AG_INIT_EXCH (peer 219.251.175.80) input queue 0
1w3d: ISAKMP (6:11): deleting node 715066370 error FALSE reason
"informational (in) state 1"
1w3d: ISAKMP (6:11): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
1w3d: ISAKMP (6:11): Old State = IKE_R_AM2 New State = IKE_R_AM2

1w3d: ISAKMP (6:11): received packet from 219.251.175.80 dport 4500
sport 4500 Global (R) AG_INIT_EXCH
1w3d: ISAKMP (6:11): deleting SA reason "recevied fatal informational"
state (R) AG_INIT_EXCH (peer 219.251.175.80) input queue 0
1w3d: ISAKMP: set new node 1731749945 to CONF_XAUTH
1w3d: ISAKMP (6:11): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) MM_NO_STATE
1w3d: ISAKMP (6:11): purging node 1731749945
1w3d: ISAKMP (6:11): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
1w3d: ISAKMP (6:11): Old State = IKE_R_AM2 New State = IKE_DEST_SA


massar at unix-ag

Nov 13, 2004, 9:36 PM

Post #2 of 11 (1487 views)
Permalink
nat-t problem with cisco ios [In reply to]
hi,

On Sun, Nov 14, 2004 at 04:49:27AM +0900, Ju min su wrote:
> i have tested with nat-t. but failed..
> when i tested with "--disable-natt", i could connect to cisco router.
> following is my logs..
>
> == vpnc log ==
> [root [at] localhos trunk]# ./vpnc
> ./vpnc: expected xauth packet; rejected: UNEQUAL_PAYLOAD_LENGTHS

seems like vpnc did not understand a packet send from ios.
can you send me a level 3 debug log from vpnc too?

cu
maurice


minsuj at electrang

Nov 13, 2004, 9:48 PM

Post #3 of 11 (1481 views)
Permalink
nat-t problem with cisco ios [In reply to]
Maurice Massar ? ?:

>hi,
>
>On Sun, Nov 14, 2004 at 04:49:27AM +0900, Ju min su wrote:
>
>
>>i have tested with nat-t. but failed..
>>when i tested with "--disable-natt", i could connect to cisco router.
>>following is my logs..
>>
>>== vpnc log ==
>>[root [at] localhos trunk]# ./vpnc
>>./vpnc: expected xauth packet; rejected: UNEQUAL_PAYLOAD_LENGTHS
>>
>>
>
>seems like vpnc did not understand a packet send from ios.
>can you send me a level 3 debug log from vpnc too?
>
>cu
>maurice
>_______________________________________________
>vpnc-devel mailing list
>vpnc-devel [at] unix-ag
>http://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
>http://www.unix-ag.uni-kl.de/~massar/vpnc/
>
>
here is level 99(?) debug log..

[root [at] localhos trunk]# ./vpnc --debug 99
WARNING! active debug level is >= 99, output includes username and
password (hex encoded)
WARNING! active debug level is >= 99, output includes username and
password (hex encoded)
hex_test: 00010203
vpnc version 0.3.1
S1
S2
S3
using interface tun0
S4
S4.1
i_cookie: 193944b1 3c24901a
i_nonce: 47616a6b 8b9afd12 76521fce 1af04531 8eff4fe8
S4.2
dh_public:
1cf6d251 356e56e9 10ea3c6d 705e3037 cbbd8824 2ea0a2e6 c092b64f e6d18612
e58b0548 cbce99a3 664e485c 362198bd 34682308 a17584a7 d6a53120 428972f1
b6cee39d bfeba25e 6d958530 1a6dc6fc 345ad79e 25d58ac0 5e843889 2e32b607
a25efe58 0254516a 5e6f033c b0cf539f 15cb2203 73719d1e 3ec6fd33 e3060100
S4.3

sending: ========================>

BEGIN_PARSE
i_cookie: 193944b1 3c24901a
r_cookie: 00000000 00000000
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000249
PARSING PAYLOAD type: 01
next_type: 04
length: 014c
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 0140
p.number: 00
p.prot_id: 01
p.spi_size: 00
length: 08
p.spi:
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 00
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 01
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 02
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 03
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 04
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 05
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0024
t.number: 06
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 07
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 04
next_type: 0a
length: 0084
ke.data:
1cf6d251 356e56e9 10ea3c6d 705e3037 cbbd8824 2ea0a2e6 c092b64f e6d18612
e58b0548 cbce99a3 664e485c 362198bd 34682308 a17584a7 d6a53120 428972f1
b6cee39d bfeba25e 6d958530 1a6dc6fc 345ad79e 25d58ac0 5e843889 2e32b607
a25efe58 0254516a 5e6f033c b0cf539f 15cb2203 73719d1e 3ec6fd33 e3060100
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: 47616a6b 8b9afd12 76521fce 1af04531 8eff4fe8
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 0d
length: 0011
id.type: 0b
id.protocol: 11
id.port: f401
id.data: 76706e63 6c69656e 74
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 00
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

S4.4

BEGIN_PARSE
i_cookie: 193944b1 3c24901a
r_cookie: f35cb79e d9c2da08
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 000001a4
PARSING PAYLOAD type: 01
next_type: 0d
length: 003c
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 0030
p.number: 01
p.prot_id: 01
p.spi_size: 00
length: 01
p.spi:
PARSING PAYLOAD type: 03
next_type: 00
length: 0028
t.number: 01
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 069b1083 d9c3da08 de815e83 c391bfe5
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 04
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 04
next_type: 05
length: 0084
ke.data:
24ba7066 8a21955a 6d3e6cc2 6acfcdb2 288743dd 0e32c540 c8370b89 af52beed
5d45b37e 5b85aee2 fb974170 024beac7 d845d25e 2d1dc7b1 0fcf8f0b 6fa9c7c0
5afa9d56 b7a8f9e5 fb1bfc94 f3bf4e24 ea810cff ec02a3c7 c4348a8c 4a844d61
4a88ee1a 68146d60 ae48093f c0740e84 b8e98bf6 24897c4c 0bac0ab9 077bc55a
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 05
next_type: 0a
length: 000c
id.type: 01
id.protocol: 11
id.port: 0000
id.data: dc473864
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0a
next_type: 08
length: 0018
ke.data: 6eb25c69 83752786 23dc58f5 7dc6c794 745b8dee
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 08
next_type: 82
length: 0018
ke.data: 9b5e59ff 183ebe12 03c747e7 8f16315b 73ff4d01
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 82
next_type: 82
length: 0018
ke.data: 33565a1c 91d7da6a 29673595 0109abab 1cff06bc
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 82
next_type: 00
length: 0018
ke.data: e3c99397 9704ba5d 35934495 711d72d6 1f7ef6c0
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 00
PARSE_OK

IKE SA selected aes256-sha1
skeyid: bd78f1db 5455aa5e d8617759 64de6934 be098d9e
returned_hash: f6600eb0 a5618dfb 4dc14571 f96760e2 5e42d2c1
dh_shared_secret:
2617110f d005c384 c4ef5002 d603e4c8 644bad55 949d675a 5abf767e 2e4474b4
7b827eb7 8ca6a514 82280b20 2d0ab127 d6cfc1ca 17672aa1 34ccba96 1b168eb5
15e05626 ba5c5b70 8a631935 c1b38f66 57623f1d 8c66597a 0838bb7b e1f4cdf4
6abdb76e 8f1eedea 53a87ca4 e2109e1f 74f26b68 5d5294e2 957ddb1b 62d8d762
skeyid_d: e6d9e683 59ee4792 512dd5fb a8d26188 c7d2f635
skeyid_a: f13a2864 c30dd743 bcd516c1 9faf8876 a4eddf3d
skeyid_e: 837c88f0 783661bf e69149f8 2ea8951b a7e2dd78
enc-key: a0d14cf1 fb92637b f95fcc8b def132de c8635de8 4f27f38f 844630fe
4659888c
current_iv: 5ad4cfbc f7942e35 b196ee21 20a83361
S4.5
NAT status: this end behind NAT? YES -- remote end behind NAT? no
size = 140, blksz = 16, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: 193944b1 3c24901a
r_cookie: f35cb79e d9c2da08
payload: 08
isakmp_version: 10
exchange_type: 04
flags: 01
message_id: 00000000
len: 000000ac
PARSING PAYLOAD type: 08
next_type: 0b
length: 0018
ke.data: f6600eb0 a5618dfb 4dc14571 f96760e2 5e42d2c1
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 0d
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
n.type: 6002
n.spi: 193944b1 3c24901a f35cb79e d9c2da08
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 126e1f57 7291153b 20485f7f 155b4bc8
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0f
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0f
next_type: 0f
length: 0018
ke.data: e3c99397 9704ba5d 35934495 711d72d6 1f7ef6c0
DONE PARSING PAYLOAD type: 0f
PARSING PAYLOAD type: 0f
next_type: 00
length: 0018
ke.data: ff192736 138510b3 bdb3f0fd b13a43e8 56700e6e
DONE PARSING PAYLOAD type: 0f
PARSING PAYLOAD type: 00
PARSE_OK

initial_iv: b5587c94 04a2051d 2ba49775 958d612e
NAT-T mode, adding non-esp marker
S4.6
S5
S5.1
S5.2
S5.3


---!!!!!!!!! entering phase2_fatal !!!!!!!!!---


size = 36, blksz = 16, padding = 12

sending: ========================>

BEGIN_PARSE
i_cookie: 193944b1 3c24901a
r_cookie: f35cb79e d9c2da08
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: cd864ae0
len: 0000004c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0018
ke.data: e00a2e14 f2db27c0 0b00da0e e6a5953f 655e9dc8
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 000c
n.doi: 00000001
n.protocol: 01
n.spi_length: 00
n.type: 001e
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
size = 52, blksz = 16, padding = 12

sending: ========================>

BEGIN_PARSE
i_cookie: 193944b1 3c24901a
r_cookie: f35cb79e d9c2da08
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 50fe13e6
len: 0000005c
PARSING PAYLOAD type: 08
next_type: 0c
length: 0018
ke.data: 1e30258a cefcceef b6537ac0 ea5c562f 8c5f0767
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: 193944b1 3c24901a f35cb79e d9c2da08
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
./vpnc: expected xauth packet; rejected: UNEQUAL_PAYLOAD_LENGTHS


massar at unix-ag

Nov 14, 2004, 12:23 AM

Post #4 of 11 (1460 views)
Permalink
nat-t problem with cisco ios [In reply to]
hi,

On Sun, Nov 14, 2004 at 05:47:54AM +0900, Ju min su wrote:
> Maurice Massar ? ?:
> here is level 99(?) debug log..
>
> [root [at] localhos trunk]# ./vpnc --debug 99
> WARNING! active debug level is >= 99, output includes username and
> password (hex encoded)
> WARNING! active debug level is >= 99, output includes username and
> password (hex encoded)
> hex_test: 00010203
> vpnc version 0.3.1

please do not use debug level greater than 3,
especially do not post such logs to public lists
(or even send them to me (-;)
well.. this exchange did not get far enough
to contain passwords though

random idea: could you test using 3DES-MD5 for isakmp instead of AES-SHA1?

I can not reprocude this with
IOS (tm) C806 Software (C806-K9OSY6-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)

I have added some extra debugging code in revision 34 for this case.
please send me a new log level 3.

cu
maurice


minsuj at electrang

Nov 14, 2004, 3:43 AM

Post #5 of 11 (1471 views)
Permalink
nat-t problem with cisco ios [In reply to]
Maurice Massar ? ?:

>hi,
>
>On Sun, Nov 14, 2004 at 05:47:54AM +0900, Ju min su wrote:
>
>
>>Maurice Massar ? ?:
>>here is level 99(?) debug log..
>>
>>[root [at] localhos trunk]# ./vpnc --debug 99
>>WARNING! active debug level is >= 99, output includes username and
>>password (hex encoded)
>>WARNING! active debug level is >= 99, output includes username and
>>password (hex encoded)
>>hex_test: 00010203
>>vpnc version 0.3.1
>>
>>
>
>please do not use debug level greater than 3,
>especially do not post such logs to public lists
>(or even send them to me (-;)
>well.. this exchange did not get far enough
>to contain passwords though
>
>
>
oops. so dangerous thing..

>random idea: could you test using 3DES-MD5 for isakmp instead of AES-SHA1?
>
>
>
yes, i've got some different result.. but failed..

>I can not reprocude this with
>IOS (tm) C806 Software (C806-K9OSY6-M), Version 12.3(10a), RELEASE SOFTWARE (fc2)
>
>I have added some extra debugging code in revision 34 for this case.
>
>
ok, i updated it.

>please send me a new log level 3.
>
>
>
== vpnc level 3 log ==
[root [at] localhos trunk]# ./vpnc --debug 3
hex_test: 00010203
vpnc version 0.3.1
S1
S2
S3
using interface tun0
S4
S4.1
i_cookie: 0195962e 0d15214c
i_nonce: b30f201c e46d29a4 6a69a3d4 d87f40d4 ca29209c
S4.2
dh_public:
ee129bcb ab5dadc6 2b1e59e4 6d07f322 82c83d9e 1e5e12e3 0876af65 46d7d69c
806c5d66 1b6a1ee7 102be342 b01033a0 2b7b8c4c 238c50ee 5fe91026 fa8402a8
05027db5 e37ee143 c5ff9bcb 9a4a6071 132d600c 98c79e14 e21a4ce5 8810beb4
737a411e 660438a9 50674c15 d8e29541 f908f881 8a3c6498 7ebae1fa cf67cfc6
S4.3

sending: ========================>

BEGIN_PARSE
i_cookie: 0195962e 0d15214c
r_cookie: 00000000 00000000
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000249
PARSING PAYLOAD type: 01
next_type: 04
length: 014c
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 0140
p.number: 00
p.prot_id: 01
p.spi_size: 00
length: 08
p.spi:
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 00
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 01
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 02
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 03
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 04
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 05
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0024
t.number: 06
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 07
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 04
next_type: 0a
length: 0084
ke.data:
ee129bcb ab5dadc6 2b1e59e4 6d07f322 82c83d9e 1e5e12e3 0876af65 46d7d69c
806c5d66 1b6a1ee7 102be342 b01033a0 2b7b8c4c 238c50ee 5fe91026 fa8402a8
05027db5 e37ee143 c5ff9bcb 9a4a6071 132d600c 98c79e14 e21a4ce5 8810beb4
737a411e 660438a9 50674c15 d8e29541 f908f881 8a3c6498 7ebae1fa cf67cfc6
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: b30f201c e46d29a4 6a69a3d4 d87f40d4 ca29209c
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 0d
length: 0011
id.type: 0b
id.protocol: 11
id.port: f401
id.data: 76706e63 6c69656e 74
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 00
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

S4.4

BEGIN_PARSE
i_cookie: 0195962e 0d15214c
r_cookie: f35cb79e a13f943e
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000194
PARSING PAYLOAD type: 01
next_type: 0d
length: 0038
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 002c
p.number: 01
p.prot_id: 01
p.spi_size: 00
length: 01
p.spi:
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 01
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 069b1083 a13e943e ef08b7a7 d16e543e
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 04
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 04
next_type: 05
length: 0084
ke.data:
85b097b1 7dadfc06 b267d84b 1f11b7aa 78f139cc 7ff5b55a 6c89a8be 51f08936
6e4d3c1d 084342cf 1c0b4000 c8be146a 7f01d036 76ad847c 62737d25 7067682d
6575c5b4 a1829c28 b27d6d19 e3eb7d80 e04016ac 22190922 3c242ec1 b71ce9cf
88a8d600 f57ce2c9 893e3fb0 23cdfc70 402c189a c3340933 8bb2b8f7 8b5aa25f
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 05
next_type: 0a
length: 000c
id.type: 01
id.protocol: 11
id.port: 0000
id.data: dc473864
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0a
next_type: 08
length: 0018
ke.data: f17589f6 e8b5a168 46cb2954 0917666b 443abfab
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 08
next_type: 82
length: 0014
ke.data: edffd87a 6f0f3726 d320879d ce6aec5a
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 82
next_type: 82
length: 0014
ke.data: ff877068 f65a95c7 0eb49369 af0421fe
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 82
next_type: 00
length: 0014
ke.data: dea20489 dbee3a26 0eb8c919 21b8b0cd
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 00
PARSE_OK

IKE SA selected 3des-md5
skeyid: 45ce8606 6616e4df d8a554cc d70a7b33
returned_hash: 346e77f3 c7604a10 b5b6722a 13395693
dh_shared_secret:
62111be8 45b2505a 9214f632 5e0729db 8ba73f2f 1544f10e 5fd9fa82 2317657c
c169937d 7283e514 8c40b1d9 59b85868 d581ab16 c8ba4750 a943fa08 a2aa4bf1
e4b6acc6 226d2777 1d6ad23f 7cb479be 65a1b275 65ab52ec 07a96198 48b0ddb1
7ee0236b 48327c1a 691d3d9f 12841a31 444dcd65 909a1c91 5b0b2c79 3e18f090
skeyid_d: 982e2f0c 1b89e589 2898950f 2d2b2512
skeyid_a: 0fbd5bb7 7184e767 6149f74f fdd8b850
skeyid_e: ffd6ee3a 007f8b87 a996fd92 2bd4f4dd
enc-key: 749a4737 b63ae05d 6f89aa3b ce784b54 c4912235 431b8a79
current_iv: 22365857 07da9cf4
S4.5
NAT status: this end behind NAT? YES -- remote end behind NAT? no
size = 128, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 0195962e 0d15214c
r_cookie: f35cb79e a13f943e
payload: 08
isakmp_version: 10
exchange_type: 04
flags: 01
message_id: 00000000
len: 0000009c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: 346e77f3 c7604a10 b5b6722a 13395693
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 0d
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
n.type: 6002
n.spi: 0195962e 0d15214c f35cb79e a13f943e
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 126e1f57 7291153b 20485f7f 155b4bc8
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0f
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0f
next_type: 0f
length: 0014
ke.data: dea20489 dbee3a26 0eb8c919 21b8b0cd
DONE PARSING PAYLOAD type: 0f
PARSING PAYLOAD type: 0f
next_type: 00
length: 0014
ke.data: 9fcb77fe 81d0a9e0 8397eb09 0047e6ac
DONE PARSING PAYLOAD type: 0f
PARSING PAYLOAD type: 00
PARSE_OK

initial_iv: eb89e3da 4239d66e
NAT-T mode, adding non-esp marker
S4.6
S5
S5.1
S5.2

BEGIN_PARSE
i_cookie: 0195962e 0d15214c
r_cookie: f35cb79e a13f943e
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000194
PARSING PAYLOAD type: 01
next_type: 24
S5.2

BEGIN_PARSE
i_cookie: 0195962e 0d15214c
r_cookie: f35cb79e a13f943e
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: d3211a67
len: 00000054
PARSING PAYLOAD type: 08
next_type: 0c
length: 0014
ke.data: b6f68a0e 9fb24dcc 19230639 c35ad659
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: 0195962e 0d15214c f35cb79e a13f943e
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: b6f68a0e 9fb24dcc 19230639 c35ad659
h->u.hash.data: b6f68a0e 9fb24dcc 19230639 c35ad659
S5.3


---!!!!!!!!! entering phase2_fatal !!!!!!!!!---


size = 32, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 0195962e 0d15214c
r_cookie: f35cb79e a13f943e
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: b7db2cbc
len: 0000003c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: 234b09f6 eef2c9fb 8c5b95bb 64fa8ce0
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 000c
n.doi: 00000001
n.protocol: 01
n.spi_length: 00
n.type: 0007
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
size = 48, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 0195962e 0d15214c
r_cookie: f35cb79e a13f943e
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 124685b2
len: 0000004c
PARSING PAYLOAD type: 08
next_type: 0c
length: 0014
ke.data: 03a99dbe b2fdaa0c d8619f8d c15ec887
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: 0195962e 0d15214c f35cb79e a13f943e
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
./vpnc: expected xauth packet; rejected: INVALID_EXCHANGE_TYPE
[root [at] localhos trunk]# ./vpnc --debug 3
hex_test: 00010203
vpnc version 0.3.1
S1
S2
S3
using interface tun0
S4
S4.1
i_cookie: 6caf607d d040e4b9
i_nonce: fb8ca6ca 82d417da b3af055c 4bf1ec14 280b26e3
S4.2
dh_public:
865a5905 b1ec955e 8be9f371 cdd7b8c5 3ea0076b 69b98ba2 890ca720 f61f4034
8ad60312 35f85ee7 c2268a27 6497f68a 4a5cdc0c 8eb2875c f28bae8a ff9610e7
758972cd 4066fd1b 204f8f49 639bba52 c9f51f4f ba39f0f3 be780a95 82303d1c
ed3b257a 3f38c9b1 fc79b8d8 36c52739 9781ca39 1401b3ab 7511dee8 076109be
S4.3

sending: ========================>

BEGIN_PARSE
i_cookie: 6caf607d d040e4b9
r_cookie: 00000000 00000000
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000249
PARSING PAYLOAD type: 01
next_type: 04
length: 014c
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 0140
p.number: 00
p.prot_id: 01
p.spi_size: 00
length: 08
p.spi:
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 00
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 01
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 02
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 03
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 04
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 05
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0024
t.number: 06
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 07
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 04
next_type: 0a
length: 0084
ke.data:
865a5905 b1ec955e 8be9f371 cdd7b8c5 3ea0076b 69b98ba2 890ca720 f61f4034
8ad60312 35f85ee7 c2268a27 6497f68a 4a5cdc0c 8eb2875c f28bae8a ff9610e7
758972cd 4066fd1b 204f8f49 639bba52 c9f51f4f ba39f0f3 be780a95 82303d1c
ed3b257a 3f38c9b1 fc79b8d8 36c52739 9781ca39 1401b3ab 7511dee8 076109be
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: fb8ca6ca 82d417da b3af055c 4bf1ec14 280b26e3
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 0d
length: 0011
id.type: 0b
id.protocol: 11
id.port: f401
id.data: 76706e63 6c69656e 74
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 00
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

S4.4

BEGIN_PARSE
i_cookie: 6caf607d d040e4b9
r_cookie: f35cb79e f8ae0829
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000194
PARSING PAYLOAD type: 01
next_type: 0d
length: 0038
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 002c
p.number: 01
p.prot_id: 01
p.spi_size: 00
length: 01
p.spi:
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 01
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 069b1083 f8af0829 9ce34ec3 e00dc5df
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 04
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 04
next_type: 05
length: 0084
ke.data:
34acc1d2 84e15485 7f983890 e109b7b3 30555692 b1cde68f 73474eeb 261d132c
d8fb6707 566db2cf fcbee591 ea24e998 8e146d29 f50b146a c61e5c9a e1301c31
c4d3647d 54e2a237 3e665d94 6c8e8ab1 4bc03436 eaadc6a4 efd39e93 ae4d37e4
726f6227 55f53c6e 1d5b6fcf 584c3cb0 7ea3c030 fea8735c 14a399c3 28527300
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 05
next_type: 0a
length: 000c
id.type: 01
id.protocol: 11
id.port: 0000
id.data: dc473864
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0a
next_type: 08
length: 0018
ke.data: 24243646 262067da f8eaff58 62d42420 d25851b0
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 08
next_type: 82
length: 0014
ke.data: 8b493c4f 36571c52 f36bd7a2 5c90ac91
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 82
next_type: 82
length: 0014
ke.data: 61d0a455 f9ede8d2 e6b48a01 6b9d2fde
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 82
next_type: 00
length: 0014
ke.data: 1fb42b98 0eabb823 02d2fcf7 aa97a064
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 00
PARSE_OK

IKE SA selected 3des-md5
skeyid: 9157e3ab bcd40d19 57d8df7a 99f6c758
returned_hash: 4831eebd cebc1f82 28619253 2a93f76e
dh_shared_secret:
8a7c83d6 b9f0d5fe 0e38482c c351f54c d2cd32e5 c47e9f71 1fb73254 6cbc5c15
ddb4f784 78218ef4 e915bebb 4bbc1e4d 1ee2eef7 fc6767c5 6baa8cba 0596f78c
cbc03ad4 ea4cb22a c499db58 d0eb0c65 793989c8 ffc904d5 9ae77fd0 81f5631b
4af8c920 26091808 b2fd2ea3 604e3236 702e13a8 6de7d364 c5934a33 b1fd7547
skeyid_d: 84b633ae 252fcc6b a2ac6dfe b375e09d
skeyid_a: a1ffacce b920f4b4 fcbceab9 2cc55911
skeyid_e: 6a092e8c d607f4e9 960b1d70 902bb2db
enc-key: cb34464e 09652ee6 dc4cd080 61c4ba17 9d173d53 fc9423b6
current_iv: c89cab3d c8670a9e
S4.5
NAT status: this end behind NAT? YES -- remote end behind NAT? no
size = 128, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 6caf607d d040e4b9
r_cookie: f35cb79e f8ae0829
payload: 08
isakmp_version: 10
exchange_type: 04
flags: 01
message_id: 00000000
len: 0000009c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: 4831eebd cebc1f82 28619253 2a93f76e
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 0d
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
n.type: 6002
n.spi: 6caf607d d040e4b9 f35cb79e f8ae0829
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 126e1f57 7291153b 20485f7f 155b4bc8
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0f
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0f
next_type: 0f
length: 0014
ke.data: 1fb42b98 0eabb823 02d2fcf7 aa97a064
DONE PARSING PAYLOAD type: 0f
PARSING PAYLOAD type: 0f
next_type: 00
length: 0014
ke.data: ca444676 640b034d d6cf8f60 86503029
DONE PARSING PAYLOAD type: 0f
PARSING PAYLOAD type: 00
PARSE_OK

initial_iv: 7a52a142 92110a09
NAT-T mode, adding non-esp marker
S4.6
S5
S5.1
S5.2

BEGIN_PARSE
i_cookie: 6caf607d d040e4b9
r_cookie: f35cb79e f8ae0829
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000194
PARSING PAYLOAD type: 01
next_type: 22
S5.2

BEGIN_PARSE
i_cookie: 6caf607d d040e4b9
r_cookie: f35cb79e f8ae0829
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 46455c72
len: 00000054
PARSING PAYLOAD type: 08
next_type: 0c
length: 0014
ke.data: 7c970594 c0f0dd51 79c7d885 3593a0f8
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: 6caf607d d040e4b9 f35cb79e f8ae0829
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 7c970594 c0f0dd51 79c7d885 3593a0f8
h->u.hash.data: 7c970594 c0f0dd51 79c7d885 3593a0f8
S5.3


---!!!!!!!!! entering phase2_fatal !!!!!!!!!---


size = 32, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 6caf607d d040e4b9
r_cookie: f35cb79e f8ae0829
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: fcc7a529
len: 0000003c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: 7581d0f0 971126ed 3ce58d54 18184bcb
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 000c
n.doi: 00000001
n.protocol: 01
n.spi_length: 00
n.type: 0007
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
size = 48, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 6caf607d d040e4b9
r_cookie: f35cb79e f8ae0829
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 1bd14137
len: 0000004c
PARSING PAYLOAD type: 08
next_type: 0c
length: 0014
ke.data: 2bd4675f 0bc6888e fec044a2 7b473197
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: 6caf607d d040e4b9 f35cb79e f8ae0829
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
./vpnc: expected xauth packet; rejected: INVALID_EXCHANGE_TYPE

== cisco ios log ==
1w4d: ISAKMP (0:0): received packet from 219.251.175.80 dport 500 sport
500 Global (N) NEW SA
1w4d: ISAKMP: Created a peer struct for 219.251.175.80, peer port 500
1w4d: ISAKMP: Locking peer struct 0x446BE5CC, IKE refcount 1 for
crypto_ikmp_config_initialize_sa
1w4d: ISAKMP (0:0): Setting client config settings 447F8AF4
1w4d: ISAKMP (0:0): (Re)Setting client xauth list and state
1w4d: ISAKMP: local port 500, remote port 500
1w4d: ISAKMP: insert sa successfully sa = 448370D0
1w4d: ISAKMP (6:1): processing SA payload. message ID = 0
1w4d: ISAKMP (6:1): processing ID payload. message ID = 0
1w4d: ISAKMP (6:1): peer matches xauth profile
1w4d: ISAKMP: Looking for a matching key for 219.251.175.80 in default
1w4d: ISAKMP (6:1): (Re)Setting client xauth list userauthen and state
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 242 mismatch
1w4d: ISAKMP (6:1): vendor ID is XAUTH
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID is Unity
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 123 mismatch
1w4d: ISAKMP (6:1): vendor ID is NAT-T v2
1w4d: ISAKMP (6:1) Authentication by xauth preshared
1w4d: ISAKMP (6:1): Checking ISAKMP transform 0 against priority 1 policy
1w4d: ISAKMP: keylength of 256
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 1 against priority 1 policy
1w4d: ISAKMP: keylength of 256
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 2 against priority 1 policy
1w4d: ISAKMP: keylength of 192
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 3 against priority 1 policy
1w4d: ISAKMP: keylength of 192
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 4 against priority 1 policy
1w4d: ISAKMP: keylength of 128
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 5 against priority 1 policy
1w4d: ISAKMP: keylength of 128
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 6 against priority 1 policy
1w4d: ISAKMP: encryption 3DES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Hash algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 7 against priority 1 policy
1w4d: ISAKMP: encryption 3DES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): atts are acceptable. Next payload is 0
1w4d: ISAKMP (6:1): processing KE payload. message ID = 0
1w4d: ISAKMP (6:1): processing NONCE payload. message ID = 0
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 242 mismatch
1w4d: ISAKMP (6:1): vendor ID is XAUTH
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID is Unity
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 123 mismatch
1w4d: ISAKMP (6:1): vendor ID is NAT-T v2
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
1w4d: ISAKMP (6:1): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP (6:1): SKEYID state generated
1w4d: ISAKMP (6:1): constructed NAT-T vendor-02 ID
1w4d: ISAKMP (6:1): SA is doing pre-shared key authentication plus XAUTH
using id type ID_IPV4_ADDR
1w4d: ISAKMP (1): ID payload
next-payload : 10
type : 1
addr : 172.71.56.100
protocol : 17
port : 0
length : 8
1w4d: ISAKMP (1): Total payload length: 12
1w4d: ISAKMP (6:1): constructed HIS NAT-D
1w4d: ISAKMP (6:1): constructed MINE NAT-D
1w4d: ISAKMP (6:1): sending packet to 219.251.175.80 my_port 500
peer_port 500 (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
1w4d: ISAKMP (6:1): Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2

1w4d: ISAKMP (6:1): received packet from 219.251.175.80 dport 4500 sport
4500 Global (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): processing HASH payload. message ID = 0
1w4d: ISAKMP (6:1): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = 0, sa = 448370D0
1w4d: ISAKMP (6:1): Process initial contact,
bring down existing phase 1 and 2 SA's with local 172.71.56.100 remote
219.251.175.80 remote port 4500
1w4d: ISAKMP (6:1): returning IP addr to the address pool
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 75 mismatch
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID is Unity
1w4d: ISAKMP:received payload type 0
1w4d: ISAKMP (6:1): Unknown Input: state = IKE_R_AM2, major, minor =
IKE_MESG_FROM_PEER, IKE_AM_EXCH

1w4d: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed
with peer at 219.251.175.80
1w4d: IPSEC(key_engine): got a queue event...
1w4d: ISAKMP (6:1): received packet from 219.251.175.80 dport 4500 sport
4500 Global (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): phase 1 packet is a duplicate of a previous packet.
1w4d: ISAKMP (6:1): retransmitting due to retransmit phase 1
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH...
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH...
1w4d: ISAKMP (6:1): incrementing error counter on sa: retransmit phase 1
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH
1w4d: ISAKMP (6:1): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH...
1w4d: ISAKMP (6:1): incrementing error counter on sa: retransmit phase 1
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH
1w4d: ISAKMP (6:1): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH...
1w4d: ISAKMP (6:1): incrementing error counter on sa: retransmit phase 1
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH
1w4d: ISAKMP (6:1): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) AG_INIT_EXCH
1w4d: %CI-3-PSFAIL: Power supply 2 failure
1w4d: %CI-3-BLOWER: ps2 fan failure
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH...
1w4d: ISAKMP (6:1): incrementing error counter on sa: retransmit phase 1
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH
1w4d: ISAKMP (6:1): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH...
1w4d: ISAKMP (6:1): incrementing error counter on sa: retransmit phase 1
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH
1w4d: ISAKMP (6:1): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): retransmitting phase 1 AG_INIT_EXCH...
1w4d: ISAKMP (6:1): peer does not do paranoid keepalives.

1w4d: ISAKMP (6:1): deleting SA reason "death by retransmission P1"
state (R) AG_INIT_EXCH (peer 219.251.175.80) input queue 0
1w4d: ISAKMP (6:1): deleting SA reason "death by retransmission P1"
state (R) AG_INIT_EXCH (peer 219.251.175.80) input queue 0
1w4d: ISAKMP: set new node 1918649670 to CONF_XAUTH
1w4d: ISAKMP (6:1): sending packet to 219.251.175.80 my_port 4500
peer_port 4500 (R) MM_NO_STATE
1w4d: ISAKMP (6:1): purging node 1918649670
1w4d: ISAKMP (6:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
1w4d: ISAKMP (6:1): Old State = IKE_R_AM2 New State = IKE_DEST_SA

1w4d: ISAKMP (6:1): received packet from 219.251.175.80 dport 4500 sport
4500 Global (R) MM_NO_STATE
1w4d: ISAKMP (6:1): received packet from 219.251.175.80 dport 4500 sport
4500 Global (R) MM_NO_STATE


massar at unix-ag

Nov 14, 2004, 1:19 PM

Post #6 of 11 (1444 views)
Permalink
nat-t problem with cisco ios [In reply to]
hi,

On Sun, Nov 14, 2004 at 11:42:40AM +0900, Ju min su wrote:
> PARSING PAYLOAD type: 82
> next_type: 82
> length: 0014
> ke.data: ff877068 f65a95c7 0eb49369 af0421fe
> DONE PARSING PAYLOAD type: 82
> PARSING PAYLOAD type: 82
> next_type: 00
> length: 0014
> ke.data: dea20489 dbee3a26 0eb8c919 21b8b0cd
> DONE PARSING PAYLOAD type: 82
>
> sending: ========================>
>
> PARSING PAYLOAD type: 0f
> next_type: 0f
> length: 0014
> ke.data: dea20489 dbee3a26 0eb8c919 21b8b0cd
> DONE PARSING PAYLOAD type: 0f
> PARSING PAYLOAD type: 0f
> next_type: 00
> length: 0014
> ke.data: 9fcb77fe 81d0a9e0 8397eb09 0047e6ac
> DONE PARSING PAYLOAD type: 0f
> PARSING PAYLOAD type: 00
> PARSE_OK

maybe IOS does not like that vpnc responds to type 0x82 NAT-Discovery
payloads with type 0x0F NAT-D payloads.

Try revision 35 please, I changed vpnc to always respond using the same
type as the peer.

cu
maurice


minsuj at electrang

Nov 14, 2004, 2:31 PM

Post #7 of 11 (1463 views)
Permalink
nat-t problem with cisco ios [In reply to]
Maurice Massar ? ?:

>
>maybe IOS does not like that vpnc responds to type 0x82 NAT-Discovery
>payloads with type 0x0F NAT-D payloads.
>
>Try revision 35 please, I changed vpnc to always respond using the same
>type as the peer.
>
>
>
ok.. i think almost done..
thank you.. but not finished.. :)

with-natt still fail..

here are 4 log..
* vpnc --disable-natt ( success !! )
* cisco ios log when vpnc --disable-natt
* vpnc (--enable-natt) ( fail !! )
* cisco ios log when vpnc (--enable-natt)

[root [at] localhos trunk]# ./vpnc
./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
check pfs setting

[root [at] localhos trunk]# ./vpnc --disable-natt
VPNC started in background (pid: 7051)...

== vpnc level 3 log --disable-natt ==
[root [at] localhos trunk]# ./vpnc --disable-natt --debug 3
hex_test: 00010203
vpnc version 0.3.1
S1
S2
S3
using interface tun0
S4
S4.1
i_cookie: de2b6cad e1375ed2
i_nonce: 159a85d9 12685e75 842284b8 649b20cd b63a76d5
S4.2
dh_public:
2649fe37 1ed5fdc7 f118ebd6 d6bd0876 1cd57769 7bc2fd6f fd8a4d43 86eb8c18
5da8ce75 5b4f55ef 6cfd933f 7cd626b0 ecf4c8af 562c8d83 5fe52ac3 8eb0562c
ce01d18c 4a94948e 0829d8ed 22c5334c 37374a27 db5cd562 02423502 74e57ee5
4cec7fa1 b29a6d4c 1e894a0a 5a1e8d65 f40f7ce5 1672e6c6 bde72610 3be3be08
S4.3

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 00000000 00000000
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000235
PARSING PAYLOAD type: 01
next_type: 04
length: 014c
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 0140
p.number: 00
p.prot_id: 01
p.spi_size: 00
length: 08
p.spi:
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 00
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 01
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 02
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 03
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 04
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 05
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0024
t.number: 06
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 07
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 04
next_type: 0a
length: 0084
ke.data:
2649fe37 1ed5fdc7 f118ebd6 d6bd0876 1cd57769 7bc2fd6f fd8a4d43 86eb8c18
5da8ce75 5b4f55ef 6cfd933f 7cd626b0 ecf4c8af 562c8d83 5fe52ac3 8eb0562c
ce01d18c 4a94948e 0829d8ed 22c5334c 37374a27 db5cd562 02423502 74e57ee5
4cec7fa1 b29a6d4c 1e894a0a 5a1e8d65 f40f7ce5 1672e6c6 bde72610 3be3be08
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: 159a85d9 12685e75 842284b8 649b20cd b63a76d5
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 0d
length: 0011
id.type: 0b
id.protocol: 11
id.port: f401
id.data: 76706e63 6c69656e 74
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 00
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

S4.4

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000158
PARSING PAYLOAD type: 01
next_type: 0d
length: 0038
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 002c
p.number: 01
p.prot_id: 01
p.spi_size: 00
length: 01
p.spi:
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 01
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 61d836be 32e03503 eff195fe 8a208a26
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 04
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 04
next_type: 05
length: 0084
ke.data:
f45a107c d95b31a2 89074cfc f190feab afdbaa13 1f2942b0 30fbd3a6 e20193d9
24277813 81dc9144 2470d4f7 bb2520db fd67c2e8 a1e083ff b5593dc1 8c4d1f21
2d8121f5 eb14f543 c38ea94a 2c3e8cea 2b27a75e 22772343 80665b9d b8b63d69
c9cb62de ac1c63f0 0e1e95cd aed79c6e a263697e b4fa8ae2 01a1fd86 06556b20
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 05
next_type: 0a
length: 000c
id.type: 01
id.protocol: 11
id.port: 0000
id.data: dc473864
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0a
next_type: 08
length: 0018
ke.data: 5da84ab5 43b3b9b7 fb14668e a4bddcb2 c2a615f7
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 08
next_type: 00
length: 0014
ke.data: 2ab04837 d25634ce 6f76a05c 69851e40
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 00
PARSE_OK

IKE SA selected 3des-md5
skeyid: 3cafe4e0 44d41f9c 12fa445f 99bbdb2e
returned_hash: ec2987c2 4c16ca47 e62769c6 d9657b06
dh_shared_secret:
09747133 387a7817 e425a98f df3d5cbe a262a616 88c7825b 576d4f70 d2064dcb
1c50dae2 0a35ed28 64462a9d 6219a5d6 4e6e68ff 6d06360b e98624f5 0bada9fc
bf68860a 4a1d248b 0e4b9940 b3dc1c20 1c66d7b1 62fa5cf0 be22f974 9af0ddd0
b55dde90 083764e4 8982ad8b b3a9b8fc 790cbd60 d21dc883 9853a2dd 6eb366b4
skeyid_d: fd12f2a8 51548cb7 cd0a5cbd afe4ebf3
skeyid_a: e800ebb8 a5c00c75 6dd93ad4 2d2dcdf7
skeyid_e: 97523527 3deca5b6 59b43f60 18c61fb5
enc-key: 7d43abc8 91820820 d0fb1dbe 66543e11 832aa6c4 0fad12bd
current_iv: 893b001e ec415d8f
S4.5
NAT status: no NAT-T VID seen
size = 88, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 04
flags: 01
message_id: 00000000
len: 00000074
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: ec2987c2 4c16ca47 e62769c6 d9657b06
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 0d
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
n.type: 6002
n.spi: de2b6cad e1375ed2 941f91a3 32e13503
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 126e1f57 7291153b 20485f7f 155b4bc8
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 00
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

initial_iv: 8044c04c d740d8ae
S4.6
S5
S5.1
S5.2

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 0cc4a3c7
len: 0000005c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: e8056d7e 8e0fef4e 2e507d34 9af4af5f
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 0028
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
n.type: 6000
n.spi: de2b6cad e1375ed2 941f91a3 32e13503
n.data: 800b0001 000c0004 00015180
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: e8056d7e 8e0fef4e 2e507d34 9af4af5f
h->u.hash.data: e8056d7e 8e0fef4e 2e507d34 9af4af5f
got responder liftime notice, ignoring..
S5.2

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 83eb9a93
len: 00000044
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: b3b7c0b6 dcb60f62 6d89c225 e89dd0a2
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0010
modecfg.type: 01
t.id: 0000
t.attributes.type: 4089
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 408a
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: b3b7c0b6 dcb60f62 6d89c225 e89dd0a2
h->u.hash.data: b3b7c0b6 dcb60f62 6d89c225 e89dd0a2
S5.3
S5.4
S5.5
size = 50, blksz = 8, padding = 6

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 83eb9a93
len: 00000054
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 81ea4a68 f4fa713e a26005e3 3213afb8
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 001e
modecfg.type: 02
t.id: 0000
t.attributes.type: 408a
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 4089
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

S5.2

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: ebf7316c
len: 00000044
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 2e9f02ee 02c5f4dd 107473b3 30375573
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 000c
modecfg.type: 03
t.id: 0000
t.attributes.type: 408f
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 2e9f02ee 02c5f4dd 107473b3 30375573
h->u.hash.data: 2e9f02ee 02c5f4dd 107473b3 30375573
S5.3
S5.6
size = 32, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: ebf7316c
len: 0000003c
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 31d251aa 1dd0b0c0 a06b85dd 649f55b3
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 000c
modecfg.type: 04
t.id: 0000
t.attributes.type: 408f
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

S5.7
S6
size = 121, blksz = 8, padding = 7

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 82216dc9
len: 0000009c
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 3754fe69 40e0f67e 83cac1a2 db1807c0
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0065
modecfg.type: 01
t.id: 0014
t.attributes.type: 0001
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0002
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0003
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0004
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 7002
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 7007
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 7000
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 700a
t.attributes.u.lots.length: 0015
t.attributes.u.lots.data: 6c6f6361 6c686f73 742e6c6f 63616c64 6f6d6169 6e
t.attributes.type: 0007
t.attributes.u.lots.length: 0024
t.attributes.u.lots.data:
43697363 6f205379 7374656d 73205650 4e20436c 69656e74 20302e33 2e313a4c
696e7578
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK


BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 82216dc9
len: 0000017c
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 87ee91c2 816da3f0 656f21af 3de5cf20
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0149
modecfg.type: 02
t.id: 0014
t.attributes.type: 0001
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: ac1f644c
t.attributes.type: 0003
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8be01
t.attributes.type: 0003
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8bf01
t.attributes.type: 0004
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8be08
t.attributes.type: 0004
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8bf08
t.attributes.type: 7002
t.attributes.u.lots.length: 0008
t.attributes.u.lots.data: 6e657867 2e6e6574
t.attributes.type: 0007
t.attributes.u.lots.length: 0109
t.attributes.u.lots.data:
43697363 6f20496e 7465726e 6574776f 726b204f 70657261 74696e67 20537973
74656d20 536f6674 77617265 200a494f 53202874 6d292052 53502053 6f667477
61726520 28525350 2d494b39 4f335356 2d4d292c 20566572 73696f6e 2031322e
32283135 29543134 2c205245 4c454153 4520534f 46545741 52452028 66633429
0a546563 686e6963 616c2053 7570706f 72743a20 68747470 3a2f2f77 77772e63
6973636f 2e636f6d 2f746563 68737570 706f7274 0a436f70 79726967 68742028
63292031 3938362d 32303034 20627920 63697363 6f205379 7374656d 732c2049
6e632e0a 436f6d70 696c6564 20536174 2032382d 4175672d 30342031 393a3134
20627920 636d6f6e 67
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 87ee91c2 816da3f0 656f21af 3de5cf20
h->u.hash.data: 87ee91c2 816da3f0 656f21af 3de5cf20
Remote Application Version: Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-IK9O3SV-M), Version 12.2(15)T14, RELEASE
SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 28-Aug-04 19:14 by cmong
got address 172.31.100.76
S7
S7.1
S7.2
size = 428, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 0b651e73
len: 000001cc
PARSING PAYLOAD type: 08
next_type: 01
length: 0014
ke.data: 02248205 55b576ce 60f22eb6 9abaa852
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 01
next_type: 0a
length: 0164
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 00
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 01
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 02
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 00c0
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 03
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 00c0
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 04
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0080
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 05
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0080
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 0028
p.number: 06
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 001c
t.number: 00
t.id: 03
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 00
length: 0028
p.number: 07
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: caef254c
PARSING PAYLOAD type: 03
next_type: 00
length: 001c
t.number: 00
t.id: 03
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: 27030dd5 06fe48f8 9112b138 8fc9bb78 84921a81
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 05
length: 000c
id.type: 01
id.protocol: 00
id.port: 0000
id.data: ac1f644c
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 05
next_type: 00
length: 0010
id.type: 04
id.protocol: 00
id.port: 0000
id.data: 00000000 00000000
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 00
PARSE_OK

S7.3

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 0b651e73
len: 000000cc
PARSING PAYLOAD type: 08
next_type: 01
length: 0014
ke.data: 7efd2d42 7068588a 3da9834f a3c9baf1
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 01
next_type: 0a
length: 0038
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 002c
p.number: 01
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 47504d95
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 01
t.id: 0c
t.attributes.type: 0004
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: db5bfb1e 48e204b7 f247634a 579f729f 781e94b4
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 05
length: 000c
id.type: 01
id.protocol: 00
id.port: 0000
id.data: ac1f644c
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 05
next_type: 0b
length: 0010
id.type: 04
id.protocol: 00
id.port: 0000
id.data: 00000000 00000000
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0b
next_type: 00
length: 0028
n.doi: 00000001
n.protocol: 03
n.spi_length: 04
n.type: 6000
n.spi: 47504d95
n.data: 80010001 00020004 00000e10 80010002 00020004 00465000
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 7efd2d42 7068588a 3da9834f a3c9baf1
h->u.hash.data: 7efd2d42 7068588a 3da9834f a3c9baf1
S7.4
S7.5
S7.6
IPSEC SA selected aes256-sha1
authing NULL package!
size = 20, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 0b651e73
len: 00000034
PARSING PAYLOAD type: 08
next_type: 00
length: 0014
ke.data: 3e1f9eda 4bf2cee4 1b3be706 d157f661
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 00
PARSE_OK

S7.7
size = 68, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: de2b6cad e1375ed2
r_cookie: 941f91a3 32e13503
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: e6167958
len: 00000064
PARSING PAYLOAD type: 08
next_type: 0c
length: 0014
ke.data: 547a067e 09e35b75 316eb2ea cc6ba608
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 0c
length: 0014
n.doi: 00000001
n.protocol: 03
n.spi_length: 04
d.num_spi: 0002
d.spi: caef254c
d.spi: 47504d95
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: de2b6cad e1375ed2 941f91a3 32e13503
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

S7.8
S7.9
generating 52 bytes keymat (cnt=4)
generating 52 bytes keymat (cnt=4)
S7.10
tous.enc_secret: 0a2ad0d8 2bba4fe9 2e594f87 d0016adb 38fc9973 843aa8ff
97679154 252edf1c
tous.auth_secret: 09a008ef 116832c6 12751916 7020e768 1901f51e
tothem.enc_secret: 746a3e43 b92e609a d7a0e976 19abfb02 ab9e5a25 3fa3e0df
982c07ca 2bdcda58
tothem.auth_secret: 0f7c29a8 f72b7c61 7109a1f4 b9663c12 6c047afa
VPNC started in background (pid: 7135)...

== cisco ios log --disable-natt ==
1w4d: ISAKMP (0:0): received packet from 172.31.182.33 dport 500 sport
500 Global (N) NEW SA
1w4d: ISAKMP: Created a peer struct for 172.31.182.33, peer port 500
1w4d: ISAKMP: Locking peer struct 0x4482F598, IKE refcount 1 for
crypto_ikmp_config_initialize_sa
1w4d: ISAKMP (0:0): Setting client config settings 44769EA4
1w4d: ISAKMP (0:0): (Re)Setting client xauth list and state
1w4d: ISAKMP: local port 500, remote port 500
1w4d: ISAKMP: insert sa successfully sa = 4483BEC0
1w4d: ISAKMP (6:1): processing SA payload. message ID = 0
1w4d: ISAKMP (6:1): processing ID payload. message ID = 0
1w4d: ISAKMP (6:1): peer matches xauth profile
1w4d: ISAKMP: Looking for a matching key for 172.31.182.33 in default
1w4d: ISAKMP (6:1): (Re)Setting client xauth list userauthen and state
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 242 mismatch
1w4d: ISAKMP (6:1): vendor ID is XAUTH
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID is Unity
1w4d: ISAKMP (6:1) Authentication by xauth preshared
1w4d: ISAKMP (6:1): Checking ISAKMP transform 0 against priority 1 policy
1w4d: ISAKMP: keylength of 256
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 1 against priority 1 policy
1w4d: ISAKMP: keylength of 256
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 2 against priority 1 policy
1w4d: ISAKMP: keylength of 192
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 3 against priority 1 policy
1w4d: ISAKMP: keylength of 192
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 4 against priority 1 policy
1w4d: ISAKMP: keylength of 128
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 5 against priority 1 policy
1w4d: ISAKMP: keylength of 128
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 6 against priority 1 policy
1w4d: ISAKMP: encryption 3DES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): Hash algorithm offered does not match policy!
1w4d: ISAKMP (6:1): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:1): Checking ISAKMP transform 7 against priority 1 policy
1w4d: ISAKMP: encryption 3DES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): atts are acceptable. Next payload is 0
1w4d: ISAKMP (6:1): processing KE payload. message ID = 0
1w4d: ISAKMP (6:1): processing NONCE payload. message ID = 0
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 242 mismatch
1w4d: ISAKMP (6:1): vendor ID is XAUTH
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID is Unity
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
1w4d: ISAKMP (6:1): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP (6:1): SKEYID state generated
1w4d: ISAKMP (6:1): SA is doing pre-shared key authentication plus XAUTH
using id type ID_IPV4_ADDR
1w4d: ISAKMP (1): ID payload
next-payload : 10
type : 1
addr : 220.71.56.100
protocol : 17
port : 0
length : 8
1w4d: ISAKMP (1): Total payload length: 12
1w4d: ISAKMP (6:1): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
1w4d: ISAKMP (6:1): Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2

1w4d: ISAKMP (6:1): received packet from 172.31.182.33 dport 500 sport
500 Global (R) AG_INIT_EXCH
1w4d: ISAKMP (6:1): processing HASH payload. message ID = 0
1w4d: ISAKMP (6:1): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = 0, sa = 4483BEC0
1w4d: ISAKMP (6:1): Process initial contact,
bring down existing phase 1 and 2 SA's with local 220.71.56.100 remote
172.31.182.33 remote port 500
1w4d: ISAKMP (6:1): returning IP addr to the address pool
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID seems Unity/DPD but major 75 mismatch
1w4d: ISAKMP (6:1): processing vendor id payload
1w4d: ISAKMP (6:1): vendor ID is Unity
1w4d: ISAKMP (6:1): SA has been authenticated with 172.31.182.33
1w4d: ISAKMP: Trying to insert a peer 172.31.182.33/500/, and inserted
successfully.
1w4d: ISAKMP: set new node 210601530 to CONF_XAUTH
1w4d: ISAKMP (6:1): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) QM_IDLE
1w4d: ISAKMP (6:1): purging node 210601530
1w4d: ISAKMP: Sending phase 1 responder lifetime 86400

1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
1w4d: ISAKMP (6:1): Old State = IKE_R_AM2 New State = IKE_P1_COMPLETE

1w4d: IPSEC(key_engine): got a queue event...
1w4d: Delete IPsec SA by IC, local 220.71.56.100 remote 172.31.182.33
peer port 500
1w4d: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 220.71.56.100, sa_prot= 50,
sa_spi= 0x47504D95(1196445077),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2000
1w4d: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 172.31.182.33, sa_prot= 50,
sa_spi= 0xCAEF254C(3404670284),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2001
1w4d: ISAKMP (6:1): Need XAUTH
1w4d: ISAKMP (6:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
1w4d: ISAKMP (6:1): Old State = IKE_P1_COMPLETE New State =
IKE_XAUTH_AAA_START_LOGIN_AWAIT

1w4d: ISAKMP: received ke message (4/1)
1w4d: ISAKMP: Unlocking IPSEC struct 0x447B35E8 notified by IPSec, count 0
1w4d: ISAKMP: returning address 172.31.100.77 to pool
1w4d: ISAKMP: received ke message (3/1)
1w4d: ISAKMP (6:1): Unknown Input: state =
IKE_XAUTH_AAA_START_LOGIN_AWAIT, major, minor = IKE_MESG_FROM_IPSEC,
IKE_PHASE2_DEL

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP: set new node -1532701960 to CONF_XAUTH
1w4d: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2
1w4d: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
1w4d: ISAKMP (6:1): initiating peer config to 172.31.182.33. ID =
-1532701960
1w4d: ISAKMP (6:1): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) CONF_XAUTH
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_AAA, IKE_AAA_START_LOGIN
1w4d: ISAKMP (6:1): Old State = IKE_XAUTH_AAA_START_LOGIN_AWAIT New
State = IKE_XAUTH_REQ_SENT

1w4d: ISAKMP (6:1): received packet from 172.31.182.33 dport 500 sport
500 Global (R) CONF_XAUTH
1w4d: ISAKMP (6:1): processing transaction payload from 172.31.182.33.
message ID = -1532701960
1w4d: ISAKMP: Config payload REPLY
1w4d: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
1w4d: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
1w4d: ISAKMP (6:1): deleting node -1532701960 error FALSE reason "done
with xauth request/reply exchange"
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
1w4d: ISAKMP (6:1): Old State = IKE_XAUTH_REQ_SENT New State =
IKE_XAUTH_AAA_CONT_LOGIN_AWAIT

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP: set new node 1852532310 to CONF_XAUTH
1w4d: ISAKMP (6:1): initiating peer config to 172.31.182.33. ID = 1852532310
1w4d: ISAKMP (6:1): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) CONF_XAUTH
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN
1w4d: ISAKMP (6:1): Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New State
= IKE_XAUTH_SET_SENT

1w4d: ISAKMP (6:1): received packet from 172.31.182.33 dport 500 sport
500 Global (R) CONF_XAUTH
1w4d: ISAKMP (6:1): processing transaction payload from 172.31.182.33.
message ID = 1852532310
1w4d: ISAKMP: Config payload ACK
1w4d: ISAKMP (6:1): XAUTH ACK Processed
1w4d: ISAKMP (6:1): deleting node 1852532310 error FALSE reason "done
with transaction"
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
1w4d: ISAKMP (6:1): Old State = IKE_XAUTH_SET_SENT New State =
IKE_P1_COMPLETE

1w4d: ISAKMP (6:1): received packet from 172.31.182.33 dport 500 sport
500 Global (R) QM_IDLE
1w4d: ISAKMP: set new node 481543844 to QM_IDLE
1w4d: ISAKMP (6:1): processing transaction payload from 172.31.182.33.
message ID = 481543844
1w4d: ISAKMP: Config payload REQUEST
1w4d: ISAKMP (6:1): checking request:
1w4d: ISAKMP: IP4_ADDRESS
1w4d: ISAKMP: IP4_NETMASK
1w4d: ISAKMP: IP4_DNS
1w4d: ISAKMP: IP4_NBNS
1w4d: ISAKMP: DEFAULT_DOMAIN
1w4d: ISAKMP: UNKNOWN Unknown Attr: 0x7007
1w4d: ISAKMP: UNKNOWN Unknown Attr: 0x7000
1w4d: ISAKMP: UNKNOWN Unknown Attr: 0x700A
1w4d: ISAKMP: APPLICATION_VERSION
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
1w4d: ISAKMP (6:1): Old State = IKE_P1_COMPLETE New State =
IKE_CONFIG_AUTHOR_AAA_AWAIT

1w4d: ISAKMP (6:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
1w4d: ISAKMP (6:1): Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State =
IKE_CONFIG_AUTHOR_AAA_AWAIT

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP (6:1): attributes sent in message:
1w4d: Address: 0.2.0.0
1w4d: ISAKMP (6:1): allocating address 172.31.100.81
1w4d: ISAKMP: Sending private address: 172.31.100.81
1w4d: ISAKMP: Sending IP4_DNS server address: 172.31.190.1
1w4d: ISAKMP: Sending IP4_DNS server address: 172.31.191.1
1w4d: ISAKMP: Sending IP4_NBNS server address: 172.31.190.8
1w4d: ISAKMP: Sending IP4_NBNS server address: 172.31.191.8
1w4d: ISAKMP: Sending DEFAULT_DOMAIN default domain name: nexg.net
1w4d: ISAKMP (6/1): Unknown Attr: UNKNOWN (0x7007)
1w4d: ISAKMP (6/1): Unknown Attr: UNKNOWN (0x7000)
1w4d: ISAKMP (6/1): Unknown Attr: UNKNOWN (0x700A)
1w4d: ISAKMP: Sending APPLICATION_VERSION string: Cisco Internetwork
Operating System Software
IOS (tm) RSP Software (RSP-IK9O3SV-M), Version 12.2(15)T14, RELEASE
SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 28-Aug-04 19:14 by cmong
1w4d: ISAKMP (6:1): responding to peer config from 172.31.182.33. ID =
481543844
1w4d: ISAKMP (6:1): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) CONF_ADDR
1w4d: ISAKMP (6:1): deleting node 481543844 error FALSE reason ""
1w4d: ISAKMP (6:1): Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
1w4d: ISAKMP (6:1): Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State =
IKE_P1_COMPLETE

1w4d: ISAKMP (6:1): received packet from 172.31.182.33 dport 500 sport
500 Global (R) QM_IDLE
1w4d: ISAKMP: set new node -49322920 to QM_IDLE
1w4d: ISAKMP (6:1): processing HASH payload. message ID = -49322920
1w4d: ISAKMP (6:1): processing SA payload. message ID = -49322920
1w4d: ISAKMP (6:1): Checking IPSec proposal 0
1w4d: ISAKMP: transform 0, ESP_AES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: key length is 256
1w4d: ISAKMP: encaps is 1
1w4d: ISAKMP: authenticator is HMAC-SHA
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:1): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.81/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x2
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: ISAKMP (6:1): processing NONCE payload. message ID = -49322920
1w4d: ISAKMP (6:1): processing ID payload. message ID = -49322920
1w4d: ISAKMP (6:1): processing ID payload. message ID = -49322920
1w4d: ISAKMP (6:1): asking for 1 spis from ipsec
1w4d: ISAKMP (6:1): Node -49322920, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
1w4d: ISAKMP (6:1): Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE
1w4d: IPSEC(key_engine): got a queue event...
1w4d: IPSEC(spi_response): getting spi 1081526423 for SA
from 220.71.56.100 to 172.31.182.33 for prot 3
1w4d: ISAKMP: received ke message (2/1)
1w4d: ISAKMP (6:1): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) QM_IDLE
1w4d: ISAKMP (6:1): Node -49322920, Input = IKE_MESG_FROM_IPSEC,
IKE_SPI_REPLY
1w4d: ISAKMP (6:1): Old State = IKE_QM_SPI_STARVE New State = IKE_QM_R_QM2
1w4d: ISAKMP (6:1): received packet from 172.31.182.33 dport 500 sport
500 Global (R) QM_IDLE
1w4d: ISAKMP: Locking peer struct 0x4482F598, IPSEC refcount 1 for for
stuff_ke
1w4d: ISAKMP (6:1): Creating IPSec SAs
1w4d: inbound SA from 172.31.182.33 to 220.71.56.100 (f/i) 0/ 0
(proxy 172.31.100.81 to 0.0.0.0)
1w4d: has spi 0x4076C897 and conn_id 2000 and flags 2
1w4d: lifetime of 86400 seconds
1w4d: has client flags 0x0
1w4d: outbound SA from 220.71.56.100 to 172.31.182.33 (f/i) 0/ 0 (proxy
0.0.0.0 to 172.31.100.81 )
1w4d: has spi -1429735299 and conn_id 2001 and flags A
1w4d: lifetime of 86400 seconds
1w4d: has client flags 0x0
1w4d: ISAKMP (6:1): deleting node -49322920 error FALSE reason "quick
mode done (await)"
1w4d: ISAKMP (6:1): Node -49322920, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
1w4d: ISAKMP (6:1): Old State = IKE_QM_R_QM2 New State =
IKE_QM_PHASE2_COMPLETE
1w4d: IPSEC(key_engine): got a queue event...
1w4d: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.81/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac ,
lifedur= 86400s and 0kb,
spi= 0x4076C897(1081526423), conn_id= 2000, keysize= 256, flags= 0x2
1w4d: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.81/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac ,
lifedur= 86400s and 0kb,
spi= 0xAAC7F87D(2865231997), conn_id= 2001, keysize= 256, flags= 0xA
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(add mtree): src 0.0.0.0, dest 172.31.100.81, dest_port 0

1w4d: IPSEC(create_sa): sa created,
(sa) sa_dest= 220.71.56.100, sa_prot= 50,
sa_spi= 0x4076C897(1081526423),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2000
1w4d: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.31.182.33, sa_prot= 50,
sa_spi= 0xAAC7F87D(2865231997),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 2001
1w4d: ISAKMP (6:1): purging node 481543844
1w4d: ISAKMP (6:1): purging node -49322920


== vpnc level 3 log --enable-natt ==

[root [at] localhos trunk]# ./vpnc --debug 3
hex_test: 00010203
vpnc version 0.3.1
S1
S2
S3
using interface tun0
S4
S4.1
i_cookie: 7ab53743 74841d2b
i_nonce: 277084be f6e29fad 8dd88ae4 e27dc876 f7f68059
S4.2
dh_public:
d769cab9 1520a519 b98a51cc fa14793a a2e6244e f7228f2e 0673f4b9 d3812418
ef78d67d 4e360390 5431da11 da6c5506 d017ba59 f6d7f3ed e527faac b59e49fc
dc9d52cd 256b6d98 9fcd4f25 3955d174 35a646e6 a99505ab 3a05714c ec7af33d
e5238b42 502d9084 6674a2ed 989a676b 4fb22844 39ce61be d72aba92 9a88862e
S4.3

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 00000000 00000000
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000249
PARSING PAYLOAD type: 01
next_type: 04
length: 014c
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 0140
p.number: 00
p.prot_id: 01
p.spi_size: 00
length: 08
p.spi:
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 00
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 01
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0100
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 02
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 03
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 00c0
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 04
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0028
t.number: 05
t.id: 01
t.attributes.type: 000e
t.attributes.u.attr_16: 0080
t.attributes.type: 0001
t.attributes.u.attr_16: 0007
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 0024
t.number: 06
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 07
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 04
next_type: 0a
length: 0084
ke.data:
d769cab9 1520a519 b98a51cc fa14793a a2e6244e f7228f2e 0673f4b9 d3812418
ef78d67d 4e360390 5431da11 da6c5506 d017ba59 f6d7f3ed e527faac b59e49fc
dc9d52cd 256b6d98 9fcd4f25 3955d174 35a646e6 a99505ab 3a05714c ec7af33d
e5238b42 502d9084 6674a2ed 989a676b 4fb22844 39ce61be d72aba92 9a88862e
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: 277084be f6e29fad 8dd88ae4 e27dc876 f7f68059
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 0d
length: 0011
id.type: 0b
id.protocol: 11
id.port: f401
id.data: 76706e63 6c69656e 74
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 00
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

S4.4

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 00000194
PARSING PAYLOAD type: 01
next_type: 0d
length: 0038
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 002c
p.number: 01
p.prot_id: 01
p.spi_size: 00
length: 01
p.spi:
PARSING PAYLOAD type: 03
next_type: 00
length: 0024
t.number: 01
t.id: 01
t.attributes.type: 0001
t.attributes.u.attr_16: 0005
t.attributes.type: 0002
t.attributes.u.attr_16: 0001
t.attributes.type: 0004
t.attributes.u.attr_16: 0002
t.attributes.type: 0003
t.attributes.u.attr_16: fde9
t.attributes.type: 000b
t.attributes.u.attr_16: 0001
t.attributes.type: 000c
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 61d836be 1adf618b e4d0088b b86a6612
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 000c
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 04
length: 0014
ke.data: 90cb8091 3ebb696e 086381b5 ec427b1f
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 04
next_type: 05
length: 0084
ke.data:
01263ad3 5ffc4a82 a7eb9500 e6d1e4ae b51752fe 4deb1281 2674c9d7 849ca6b0
7eb1b590 4092a1fd 71f1e629 9001fc6a 9e4b9804 e2384691 1a0fe124 92bb4aa2
c937e7b1 0019cd39 ecedf29b eae519a3 bdf827c5 50763177 c2b286b3 81cf9778
9fb2f616 13f04607 d0a37529 aac3f9d0 d2cfce52 e68f09cd 2189ea4c 60564ca9
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 05
next_type: 0a
length: 000c
id.type: 01
id.protocol: 11
id.port: 0000
id.data: dc473864
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0a
next_type: 08
length: 0018
ke.data: 2099733d 56b0453b 7c10b7a4 22092411 24edc81b
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 08
next_type: 82
length: 0014
ke.data: 1ecc368c a1df08a7 87d8d889 e947064e
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 82
next_type: 82
length: 0014
ke.data: 29c5b01f 493eaf38 d291cec1 e89b11a3
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 82
next_type: 00
length: 0014
ke.data: d8f1898e b3ffd0d3 bedffc5d 8967f56f
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 00
PARSE_OK

IKE SA selected 3des-md5
peer is using type 130 for NAT-Discovery payloads
peer is using type 130 for NAT-Discovery payloads
skeyid: a5c394db 9590de57 36e766e1 d3b4afe2
returned_hash: 5eae6ed4 e93c2ec7 96198807 80ee1326
dh_shared_secret:
75b1f28c 752b919a c647d1cd 903743f6 01c43882 dfc5e620 14e7ae1f 2864951d
e5f3d21c 66fa2ba6 b0d7e1f4 5c704267 ac350f65 8c72c58a 6ea3f634 b977f49e
62350516 5f053852 0ed7e369 e3f691ad d621b66a 263b49e0 58ca56ad 73fd544b
d2a7b5eb aed489ee 9436e9d3 d6f68549 57cd5f94 1a81f99c 096251cb a501e9fb
skeyid_d: d601e999 95d9a446 0132c5b2 5dbd4cd5
skeyid_a: d415ba7b 597a4ff4 ea066811 cc5268c0
skeyid_e: 1c1ad1e9 3bbace4e 6089bf04 1ce44876
enc-key: 7e95f7ec 5f51263a facf8971 93ceef93 eac833e7 f5648cc4
current_iv: 3eb28612 d279847a
S4.5
NAT status: this end behind NAT? YES -- remote end behind NAT? no
size = 128, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 04
flags: 01
message_id: 00000000
len: 0000009c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: 5eae6ed4 e93c2ec7 96198807 80ee1326
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 0d
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
n.type: 6002
n.spi: 7ab53743 74841d2b 941f91a3 1ade618b
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0014
ke.data: 126e1f57 7291153b 20485f7f 155b4bc8
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 82
length: 0014
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 82
next_type: 82
length: 0014
ke.data: d8f1898e b3ffd0d3 bedffc5d 8967f56f
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 82
next_type: 00
length: 0014
ke.data: cfe6e964 a2a13ad5 848c470a 1ad46c67
DONE PARSING PAYLOAD type: 82
PARSING PAYLOAD type: 00
PARSE_OK

initial_iv: 31b2037e 9fbabf87
NAT-T mode, adding non-esp marker
S4.6
S5
S5.1
S5.2

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: b406fbd7
len: 0000005c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: 9a533922 4dcd439d 6ecff39a daa44f7c
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 0028
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
n.type: 6000
n.spi: 7ab53743 74841d2b 941f91a3 1ade618b
n.data: 800b0001 000c0004 00015180
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 9a533922 4dcd439d 6ecff39a daa44f7c
h->u.hash.data: 9a533922 4dcd439d 6ecff39a daa44f7c
got responder liftime notice, ignoring..
S5.2

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 1a820f4c
len: 00000044
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 09ec0366 29e31247 5b873692 90ed8259
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0010
modecfg.type: 01
t.id: 0000
t.attributes.type: 4089
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 408a
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 09ec0366 29e31247 5b873692 90ed8259
h->u.hash.data: 09ec0366 29e31247 5b873692 90ed8259
S5.3
S5.4
S5.5
size = 50, blksz = 8, padding = 6

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 1a820f4c
len: 00000054
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: e126f9ed f5dfac9e fc33afad 28268030
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 001e
modecfg.type: 02
t.id: 0000
t.attributes.type: 408a
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 4089
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
S5.2

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 48e16b31
len: 00000044
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 02772422 c6b341e0 5d3b35c4 ad8d6c8e
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 000c
modecfg.type: 03
t.id: 0000
t.attributes.type: 408f
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 02772422 c6b341e0 5d3b35c4 ad8d6c8e
h->u.hash.data: 02772422 c6b341e0 5d3b35c4 ad8d6c8e
S5.3
S5.6
size = 32, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 48e16b31
len: 0000003c
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 9c58e522 a092ab8f 9eebd419 688cbbf4
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 000c
modecfg.type: 04
t.id: 0000
t.attributes.type: 408f
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
S5.7
S6
size = 121, blksz = 8, padding = 7

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 35d09dfa
len: 0000009c
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: 49e1f5c5 a7da63ed 49d0750b 137111e8
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0065
modecfg.type: 01
t.id: 0014
t.attributes.type: 0001
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0002
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0003
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0004
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 7002
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 7007
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 7000
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 700a
t.attributes.u.lots.length: 0015
t.attributes.u.lots.data: 6c6f6361 6c686f73 742e6c6f 63616c64 6f6d6169 6e
t.attributes.type: 0007
t.attributes.u.lots.length: 0024
t.attributes.u.lots.data:
43697363 6f205379 7374656d 73205650 4e20436c 69656e74 20302e33 2e313a4c
696e7578
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 35d09dfa
len: 0000017c
PARSING PAYLOAD type: 08
next_type: 0e
length: 0014
ke.data: cb5f3e23 19395161 07959ff1 b7c6d43d
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0149
modecfg.type: 02
t.id: 0014
t.attributes.type: 0001
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: ac1f644d
t.attributes.type: 0003
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8be01
t.attributes.type: 0003
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8bf01
t.attributes.type: 0004
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8be08
t.attributes.type: 0004
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: d3e8bf08
t.attributes.type: 7002
t.attributes.u.lots.length: 0008
t.attributes.u.lots.data: 6e657867 2e6e6574
t.attributes.type: 0007
t.attributes.u.lots.length: 0109
t.attributes.u.lots.data:
43697363 6f20496e 7465726e 6574776f 726b204f 70657261 74696e67 20537973
74656d20 536f6674 77617265 200a494f 53202874 6d292052 53502053 6f667477
61726520 28525350 2d494b39 4f335356 2d4d292c 20566572 73696f6e 2031322e
32283135 29543134 2c205245 4c454153 4520534f 46545741 52452028 66633429
0a546563 686e6963 616c2053 7570706f 72743a20 68747470 3a2f2f77 77772e63
6973636f 2e636f6d 2f746563 68737570 706f7274 0a436f70 79726967 68742028
63292031 3938362d 32303034 20627920 63697363 6f205379 7374656d 732c2049
6e632e0a 436f6d70 696c6564 20536174 2032382d 4175672d 30342031 393a3134
20627920 636d6f6e 67
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: cb5f3e23 19395161 07959ff1 b7c6d43d
h->u.hash.data: cb5f3e23 19395161 07959ff1 b7c6d43d
Remote Application Version: Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-IK9O3SV-M), Version 12.2(15)T14, RELEASE
SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 28-Aug-04 19:14 by cmong
got address 172.31.100.77
S7
S7.1
S7.2
size = 428, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 6a2ff90d
len: 000001cc
PARSING PAYLOAD type: 08
next_type: 01
length: 0014
ke.data: cf5eadf6 6450b397 ab5423b9 a8f1fa10
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 01
next_type: 0a
length: 0164
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 00
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 01
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 02
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 00c0
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 03
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 00c0
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 04
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0080
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 05
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0080
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 0028
p.number: 06
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 001c
t.number: 00
t.id: 03
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 00
length: 0028
p.number: 07
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 73b61893
PARSING PAYLOAD type: 03
next_type: 00
length: 001c
t.number: 00
t.id: 03
t.attributes.type: 0004
t.attributes.u.attr_16: 0003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: b96ffc9d 579bbdfb 304b1ba9 afc64d0f dea7addc
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 05
length: 000c
id.type: 01
id.protocol: 00
id.port: 0000
id.data: ac1f644d
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 05
next_type: 00
length: 0010
id.type: 04
id.protocol: 00
id.port: 0000
id.data: 00000000 00000000
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
S7.3

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 4da941f9
len: 000001ac
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: bb8225d6 e33f5102 ee46a62f e7a9b2c3
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 0174
n.doi: 00000001
n.protocol: 03
n.spi_length: 04
n.type: 000e
n.spi: 73b61893
n.data:
0a000164 00000001 00000001 00000000 44772240 00000000 4483f378 417057d4
00000000 40459744 01000014 ffffffff 01000014 445216b8 4483f378 44772210
447bf8e8 447bf8e8 00000000 447b35e8 447e69a0 00000000 41723ba8 41723aa4
447e697c ffffffff 0df92f6a 44521690 0df92f6a 00000000 015216e0 445216dc
42ae2af0 00000000 00000000 404589b0 447e6978 447e69a0 42ae2af0 40457c80
447723a4 000001cc 404589b0 445217a0 44772240 445216e0 447bfb1c 4275c7f0
447e69a0 447bf8e8 00000001 0000000c 418bd7ec 4483f378 4483f378 433f0000
43f52d38 447bf8e8 00000001 4483f378 4483f378 417246c4 417064b0 445217a4
447e69a0 4483f378 447e69a0 00000001 0000000c 00000000 000001b0 43f52d44
4483f378 433f0000 43f52d38 447bf8e8 43f529ec 416fcf08 42750f94 0df92f6a
00000012 d3e8b621 43f529ec 445217a8 42750f8c 4275083c 42751930 43f529ec
7ab53743
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: dce28cd5 32d920f5 0bd595de 2949e865
h->u.hash.data: bb8225d6 e33f5102 ee46a62f e7a9b2c3
S7.4
S7.5


---!!!!!!!!! entering phase2_fatal !!!!!!!!!---


size = 32, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: cd35bc2f
len: 0000003c
PARSING PAYLOAD type: 08
next_type: 0b
length: 0014
ke.data: 7da4d6db 217ddf36 b883a203 fc0e3ab1
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 000c
n.doi: 00000001
n.protocol: 01
n.spi_length: 00
n.type: 0009
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
size = 48, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: 7ab53743 74841d2b
r_cookie: 941f91a3 1ade618b
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: ca345d00
len: 0000004c
PARSING PAYLOAD type: 08
next_type: 0c
length: 0014
ke.data: 848f144a a99bdc7f f21d06c3 db72759c
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: 7ab53743 74841d2b 941f91a3 1ade618b
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
check pfs setting

== cisco ios log --enable-natt ==

1w4d: ISAKMP (6:19): purging node -99056511
1w4d: ISAKMP (6:19): purging node 1006778924
1w4d: ISAKMP (6:19): purging node 882152494
1w4d: ISAKMP (6:19): purging node -301064444
1w4d: ISAKMP (6:19): peer does not do paranoid keepalives.

1w4d: ISAKMP (6:17): peer does not do paranoid keepalives.

1w4d: ISAKMP (6:17): deleting SA reason "death by tree-walk node" state
(R) QM_IDLE (peer 172.31.182.33) input queue 0
1w4d: ISAKMP: set new node 1085304115 to QM_IDLE
1w4d: ISAKMP (6:17): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) QM_IDLE
1w4d: ISAKMP (6:17): purging node 1085304115
1w4d: ISAKMP (6:17): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
1w4d: ISAKMP (6:17): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

1w4d: ISAKMP (6:17): deleting SA reason "" state (R) QM_IDLE (peer
172.31.182.33) input queue 0
1w4d: ISAKMP (6:17): deleting node 1484330726 error FALSE reason ""
1w4d: ISAKMP (6:17): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
1w4d: ISAKMP (6:17): Old State = IKE_DEST_SA New State = IKE_DEST_SA

1w4d: ISAKMP (0:0): received packet from 172.31.182.33 dport 500 sport
500 Global (N) NEW SA
1w4d: ISAKMP: Created a peer struct for 172.31.182.33, peer port 500
1w4d: ISAKMP: Locking peer struct 0x4482F598, IKE refcount 1 for
crypto_ikmp_config_initialize_sa
1w4d: ISAKMP (0:0): Setting client config settings 448172F4
1w4d: ISAKMP (0:0): (Re)Setting client xauth list and state
1w4d: ISAKMP: local port 500, remote port 500
1w4d: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert
sa = 4483F378
1w4d: ISAKMP (6:20): processing SA payload. message ID = 0
1w4d: ISAKMP (6:20): processing ID payload. message ID = 0
1w4d: ISAKMP (6:20): peer matches xauth profile
1w4d: ISAKMP: Looking for a matching key for 172.31.182.33 in default
1w4d: ISAKMP (6:20): (Re)Setting client xauth list userauthen and state
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID seems Unity/DPD but major 242 mismatch
1w4d: ISAKMP (6:20): vendor ID is XAUTH
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID is Unity
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID seems Unity/DPD but major 123 mismatch
1w4d: ISAKMP (6:20): vendor ID is NAT-T v2
1w4d: ISAKMP (6:20) Authentication by xauth preshared
1w4d: ISAKMP (6:20): Checking ISAKMP transform 0 against priority 1 policy
1w4d: ISAKMP: keylength of 256
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:20): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:20): Checking ISAKMP transform 1 against priority 1 policy
1w4d: ISAKMP: keylength of 256
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:20): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:20): Checking ISAKMP transform 2 against priority 1 policy
1w4d: ISAKMP: keylength of 192
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:20): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:20): Checking ISAKMP transform 3 against priority 1 policy
1w4d: ISAKMP: keylength of 192
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:20): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:20): Checking ISAKMP transform 4 against priority 1 policy
1w4d: ISAKMP: keylength of 128
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:20): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:20): Checking ISAKMP transform 5 against priority 1 policy
1w4d: ISAKMP: keylength of 128
1w4d: ISAKMP: encryption AES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): Encryption algorithm offered does not match policy!
1w4d: ISAKMP (6:20): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:20): Checking ISAKMP transform 6 against priority 1 policy
1w4d: ISAKMP: encryption 3DES-CBC
1w4d: ISAKMP: hash SHA
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): Hash algorithm offered does not match policy!
1w4d: ISAKMP (6:20): atts are not acceptable. Next payload is 3
1w4d: ISAKMP (6:20): Checking ISAKMP transform 7 against priority 1 policy
1w4d: ISAKMP: encryption 3DES-CBC
1w4d: ISAKMP: hash MD5
1w4d: ISAKMP: auth XAUTHInitPreShared
1w4d: ISAKMP: default group 2
1w4d: ISAKMP: life type in seconds
1w4d: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable. Next payload is 0
1w4d: ISAKMP (6:20): processing KE payload. message ID = 0
1w4d: ISAKMP (6:20): processing NONCE payload. message ID = 0
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID seems Unity/DPD but major 242 mismatch
1w4d: ISAKMP (6:20): vendor ID is XAUTH
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID is Unity
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID seems Unity/DPD but major 123 mismatch
1w4d: ISAKMP (6:20): vendor ID is NAT-T v2
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
1w4d: ISAKMP (6:20): Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT

1w4d: ISAKMP (6:19): purging SA., sa=4483E188, delme=4483E188
1w4d: ISAKMP (6:19): purging node -2047324125
1w4d: ISAKMP (6:19): purging node 1503627278
1w4d: ISAKMP (6:19): returning address 172.31.100.79 to pool
1w4d: ISAKMP: Unlocking IKE struct 0x447B85F0 for declare_sa_dead(), count 0
1w4d: ISAKMP: returning address 172.31.100.79 to pool
1w4d: ISAKMP: got callback 1
1w4d: ISAKMP (6:20): SKEYID state generated
1w4d: ISAKMP (6:20): constructed NAT-T vendor-02 ID
1w4d: ISAKMP (6:20): SA is doing pre-shared key authentication plus
XAUTH using id type ID_IPV4_ADDR
1w4d: ISAKMP (20): ID payload
next-payload : 10
type : 1
addr : 220.71.56.100
protocol : 17
port : 0
length : 8
1w4d: ISAKMP (20): Total payload length: 12
1w4d: ISAKMP (6:20): constructed HIS NAT-D
1w4d: ISAKMP (6:20): constructed MINE NAT-D
1w4d: ISAKMP (6:20): sending packet to 172.31.182.33 my_port 500
peer_port 500 (R) AG_INIT_EXCH
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
1w4d: ISAKMP (6:20): Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2

1w4d: ISAKMP (6:20): received packet from 172.31.182.33 dport 4500 sport
4500 Global (R) AG_INIT_EXCH
1w4d: ISAKMP (6:20): processing HASH payload. message ID = 0
1w4d: ISAKMP (6:20): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = 0, sa = 4483F378
1w4d: ISAKMP (6:20): Process initial contact,
bring down existing phase 1 and 2 SA's with local 220.71.56.100 remote
172.31.182.33 remote port 4500
1w4d: ISAKMP (6:20): returning IP addr to the address pool
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID seems Unity/DPD but major 75 mismatch
1w4d: ISAKMP (6:20): processing vendor id payload
1w4d: ISAKMP (6:20): vendor ID is Unity
1w4d: ISAKMP:received payload type 17
1w4d: ISAKMP (6:20): Detected NAT-D payload
1w4d: ISAKMP (6:20): recalc my hash for NAT-D
1w4d: ISAKMP (6:20): NAT does not match MINE hash
1w4d: hash received: 39 56 B1 BA C3 20 93 39 24 1B 2F 1D 7 E6 EC 4F
1w4d: my nat hash : A AE 54 3C A4 78 50 70 3E 79 A3 4E C8 20 9A F0
1w4d: ISAKMP:received payload type 17
1w4d: ISAKMP (6:20): Detected NAT-D payload
1w4d: ISAKMP (6:20): recalc his hash for NAT-D
1w4d: ISAKMP (6:20): NAT does not match HIS hash
1w4d: hash received: 24 A9 1D 5B 21 4F 20 2E C1 DF 40 0 49 5F 2B B6
1w4d: his nat hash : E0 4D 71 5A 2B 92 7 FE F7 D4 A3 F 3 DC 55 43
1w4d: ISAKMP (6:20): SA has been authenticated with 172.31.182.33
1w4d: ISAKMP (6:20): Detected port floating to port = 4500
1w4d: ISAKMP: Trying to insert a peer 172.31.182.33/4500/, and inserted
successfully.
1w4d: ISAKMP: set new node 1936544648 to CONF_XAUTH
1w4d: ISAKMP (6:20): sending packet to 172.31.182.33 my_port 4500
peer_port 4500 (R) QM_IDLE
1w4d: ISAKMP (6:20): purging node 1936544648
1w4d: ISAKMP: Sending phase 1 responder lifetime 86400

1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
1w4d: ISAKMP (6:20): Old State = IKE_R_AM2 New State = IKE_P1_COMPLETE

1w4d: IPSEC(key_engine): got a queue event...
1w4d: ISAKMP (6:20): Need XAUTH
1w4d: ISAKMP (6:20): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
1w4d: ISAKMP (6:20): Old State = IKE_P1_COMPLETE New State =
IKE_XAUTH_AAA_START_LOGIN_AWAIT

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP: set new node 1495601336 to CONF_XAUTH
1w4d: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2
1w4d: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2
1w4d: ISAKMP (6:20): initiating peer config to 172.31.182.33. ID =
1495601336
1w4d: ISAKMP (6:20): sending packet to 172.31.182.33 my_port 4500
peer_port 4500 (R) CONF_XAUTH
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_AAA, IKE_AAA_START_LOGIN
1w4d: ISAKMP (6:20): Old State = IKE_XAUTH_AAA_START_LOGIN_AWAIT New
State = IKE_XAUTH_REQ_SENT

1w4d: ISAKMP (6:20): received packet from 172.31.182.33 dport 4500 sport
4500 Global (R) CONF_XAUTH
1w4d: ISAKMP (6:20): processing transaction payload from 172.31.182.33.
message ID = 1495601336
1w4d: ISAKMP: Config payload REPLY
1w4d: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2
1w4d: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2
1w4d: ISAKMP (6:20): deleting node 1495601336 error FALSE reason "done
with xauth request/reply exchange"
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY
1w4d: ISAKMP (6:20): Old State = IKE_XAUTH_REQ_SENT New State =
IKE_XAUTH_AAA_CONT_LOGIN_AWAIT

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP: set new node 15838531 to CONF_XAUTH
1w4d: ISAKMP (6:20): initiating peer config to 172.31.182.33. ID = 15838531
1w4d: ISAKMP (6:20): sending packet to 172.31.182.33 my_port 4500
peer_port 4500 (R) CONF_XAUTH
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN
1w4d: ISAKMP (6:20): Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New
State = IKE_XAUTH_SET_SENT

1w4d: ISAKMP (6:20): received packet from 172.31.182.33 dport 4500 sport
4500 Global (R) CONF_XAUTH
1w4d: ISAKMP (6:20): processing transaction payload from 172.31.182.33.
message ID = 15838531
1w4d: ISAKMP: Config payload ACK
1w4d: ISAKMP (6:20): XAUTH ACK Processed
1w4d: ISAKMP (6:20): deleting node 15838531 error FALSE reason "done
with transaction"
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK
1w4d: ISAKMP (6:20): Old State = IKE_XAUTH_SET_SENT New State =
IKE_P1_COMPLETE

1w4d: ISAKMP (6:20): received packet from 172.31.182.33 dport 4500 sport
4500 Global (R) QM_IDLE
1w4d: ISAKMP: set new node -1736919248 to QM_IDLE
1w4d: ISAKMP (6:20): processing transaction payload from 172.31.182.33.
message ID = -1736919248
1w4d: ISAKMP: Config payload REQUEST
1w4d: ISAKMP (6:20): checking request:
1w4d: ISAKMP: IP4_ADDRESS
1w4d: ISAKMP: IP4_NETMASK
1w4d: ISAKMP: IP4_DNS
1w4d: ISAKMP: IP4_NBNS
1w4d: ISAKMP: DEFAULT_DOMAIN
1w4d: ISAKMP: UNKNOWN Unknown Attr: 0x7007
1w4d: ISAKMP: UNKNOWN Unknown Attr: 0x7000
1w4d: ISAKMP: UNKNOWN Unknown Attr: 0x700A
1w4d: ISAKMP: APPLICATION_VERSION
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
1w4d: ISAKMP (6:20): Old State = IKE_P1_COMPLETE New State =
IKE_CONFIG_AUTHOR_AAA_AWAIT

1w4d: ISAKMP (6:20): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
1w4d: ISAKMP (6:20): Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State =
IKE_CONFIG_AUTHOR_AAA_AWAIT

1w4d: ISAKMP: got callback 1
1w4d: ISAKMP (6:20): attributes sent in message:
1w4d: Address: 0.2.0.0
1w4d: ISAKMP (6:20): allocating address 172.31.100.80
1w4d: ISAKMP: Sending private address: 172.31.100.80
1w4d: ISAKMP: Sending IP4_DNS server address: 172.31.190.1
1w4d: ISAKMP: Sending IP4_DNS server address: 172.31.191.1
1w4d: ISAKMP: Sending IP4_NBNS server address: 172.31.190.8
1w4d: ISAKMP: Sending IP4_NBNS server address: 172.31.191.8
1w4d: ISAKMP: Sending DEFAULT_DOMAIN default domain name: nexg.net
1w4d: ISAKMP (6/20): Unknown Attr: UNKNOWN (0x7007)
1w4d: ISAKMP (6/20): Unknown Attr: UNKNOWN (0x7000)
1w4d: ISAKMP (6/20): Unknown Attr: UNKNOWN (0x700A)
1w4d: ISAKMP: Sending APPLICATION_VERSION string: Cisco Internetwork
Operating System Software
IOS (tm) RSP Software (RSP-IK9O3SV-M), Version 12.2(15)T14, RELEASE
SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 28-Aug-04 19:14 by cmong
1w4d: ISAKMP (6:20): responding to peer config from 172.31.182.33. ID =
-1736919248
1w4d: ISAKMP (6:20): sending packet to 172.31.182.33 my_port 4500
peer_port 4500 (R) CONF_ADDR
1w4d: ISAKMP (6:20): deleting node -1736919248 error FALSE reason ""
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
1w4d: ISAKMP (6:20): Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State =
IKE_P1_COMPLETE

1w4d: ISAKMP (6:20): received packet from 172.31.182.33 dport 4500 sport
4500 Global (R) QM_IDLE
1w4d: ISAKMP: set new node -822247518 to QM_IDLE
1w4d: ISAKMP (6:20): processing HASH payload. message ID = -822247518
1w4d: ISAKMP (6:20): processing SA payload. message ID = -822247518
1w4d: ISAKMP (6:20): Checking IPSec proposal 0
1w4d: ISAKMP: transform 0, ESP_AES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: key length is 256
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-SHA
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): invalid transform proposal
flags -- 0x0
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): Checking IPSec proposal 1
1w4d: ISAKMP: transform 0, ESP_AES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: key length is 256
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-MD5
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): invalid transform proposal
flags -- 0x0
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): Checking IPSec proposal 2
1w4d: ISAKMP: transform 0, ESP_AES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: key length is 192
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-SHA
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 192 esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 192, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): transform proposal not
supported for identity:
{esp-aes 192 esp-sha-hmac }
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): Checking IPSec proposal 3
1w4d: ISAKMP: transform 0, ESP_AES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: key length is 192
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-MD5
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes 192 esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 192, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): transform proposal not
supported for identity:
{esp-aes 192 esp-md5-hmac }
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): Checking IPSec proposal 4
1w4d: ISAKMP: transform 0, ESP_AES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: key length is 128
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-SHA
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): transform proposal not
supported for identity:
{esp-aes esp-sha-hmac }
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): Checking IPSec proposal 5
1w4d: ISAKMP: transform 0, ESP_AES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: key length is 128
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-MD5
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): transform proposal not
supported for identity:
{esp-aes esp-md5-hmac }
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): Checking IPSec proposal 6
1w4d: ISAKMP: transform 0, ESP_3DES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-SHA
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): invalid transform proposal
flags -- 0x0
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): Checking IPSec proposal 7
1w4d: ISAKMP: transform 0, ESP_3DES
1w4d: ISAKMP: attributes in transform:
1w4d: ISAKMP: encaps is 3
1w4d: ISAKMP: authenticator is HMAC-MD5
1w4d: ISAKMP: SA life type in seconds
1w4d: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
1w4d: ISAKMP (6:20): atts are acceptable.
1w4d: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 220.71.56.100, remote= 172.31.182.33,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.80/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
1w4d: IPSEC(validate_transform_proposal): invalid transform proposal
flags -- 0x0
1w4d: ISAKMP (6:20): IPSec policy invalidated proposal
1w4d: ISAKMP (6:20): phase 2 SA policy not acceptable! (local
220.71.56.100 remote 172.31.182.33)
1w4d: ISAKMP: set new node 1969216900 to QM_IDLE
1w4d: ISAKMP (6:20): sending packet to 172.31.182.33 my_port 4500
peer_port 4500 (R) QM_IDLE
1w4d: ISAKMP (6:20): purging node 1969216900
1w4d: ISAKMP (6:20): Node -822247518, Input = IKE_MESG_FROM_PEER,
IKE_QM_EXCH
1w4d: ISAKMP (6:20): Old State = IKE_QM_READY New State = IKE_QM_READY
1w4d: ISAKMP (6:20): received packet from 172.31.182.33 dport 4500 sport
4500 Global (R) QM_IDLE
1w4d: ISAKMP: set new node 1083714183 to QM_IDLE
1w4d: ISAKMP (6:20): processing HASH payload. message ID = 1083714183
1w4d: ISAKMP (6:20): processing NOTIFY INVALID_MESSAGE_ID protocol 1
spi 0, message ID = 1083714183, sa = 4483F378
1w4d: ISAKMP (6:20): incrementing error counter on sa: some bad notify
1w4d: ISAKMP (6:20): deleting node 1083714183 error FALSE reason
"informational (in) state 2"
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
1w4d: ISAKMP (6:20): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

1w4d: ISAKMP (6:20): received packet from 172.31.182.33 dport 4500 sport
4500 Global (R) QM_IDLE
1w4d: ISAKMP: set new node -763456303 to QM_IDLE
1w4d: ISAKMP (6:20): processing HASH payload. message ID = -763456303
1w4d: ISAKMP (6:20): processing DELETE payload. message ID = -763456303
1w4d: ISAKMP (6:20): peer does not do paranoid keepalives.

1w4d: ISAKMP (6:20): deleting SA reason "P1 delete notify (in)" state
(R) QM_IDLE (peer 172.31.182.33) input queue 0
1w4d: ISAKMP (6:20): deleting node -763456303 error FALSE reason
"informational (in) state 1"
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE
1w4d: ISAKMP (6:20): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

1w4d: ISAKMP (6:20): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
1w4d: ISAKMP (6:20): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA

1w4d: ISAKMP (6:20): deleting SA reason "" state (R) QM_IDLE (peer
172.31.182.33) input queue 0
1w4d: ISAKMP (6:20): deleting node -822247518 error FALSE reason ""
1w4d: ISAKMP (6:20): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
1w4d: ISAKMP (6:20): Old State = IKE_DEST_SA New State = IKE_DEST_SA


massar at unix-ag

Nov 17, 2004, 7:42 PM

Post #8 of 11 (1440 views)
Permalink
nat-t problem with cisco ios [In reply to]
hi,

On Sun, Nov 14, 2004 at 10:22:26PM +0900, Ju min su wrote:
> Maurice Massar ? ?:
>
> >
> >maybe IOS does not like that vpnc responds to type 0x82 NAT-Discovery
> >payloads with type 0x0F NAT-D payloads.
> >
> >Try revision 35 please, I changed vpnc to always respond using the same
> >type as the peer.
> >
> >
> >
> ok.. i think almost done..
> thank you.. but not finished.. :)
>
> with-natt still fail..

I had no idea why IOS was rejecting the NAT-T IPSec Proposal,
but accepting the one without NAT-T, as these to should be the same..
until it occured to me that the encapsulation mode is part of the
proposal. There are not only two numbers for NAT-D payloads, for
the encapsulation mode there are two differend numbers too.

try svn revision 37 (o:

cu
maurice


minsuj at electrang

Nov 17, 2004, 8:33 PM

Post #9 of 11 (1444 views)
Permalink
nat-t problem with cisco ios [In reply to]
Maurice Massar ? ?:

>
>I had no idea why IOS was rejecting the NAT-T IPSec Proposal,
>but accepting the one without NAT-T, as these to should be the same..
>until it occured to me that the encapsulation mode is part of the
>proposal. There are not only two numbers for NAT-D payloads, for
>the encapsulation mode there are two differend numbers too.
>
>try svn revision 37 (o:
>
>
>
ok. i think almost done.. but at last vpnc aborted..

thank in advance..


== snip ==

S7
S7.1
S7.2
size = 428, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: 43903c8a e2bc2220
r_cookie: 42c6e2cf 2b6d4980
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 9109d64c
len: 000001cc
PARSING PAYLOAD type: 08
next_type: 01
length: 0014
ke.data: add615c5 813514eb 980692de 99f37c09
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 01
next_type: 0a
length: 0164
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 00
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 01
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 02
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 00c0
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 03
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 00c0
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 04
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0080
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 002c
p.number: 05
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 00
t.id: 0c
t.attributes.type: 0006
t.attributes.u.attr_16: 0080
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 02
length: 0028
p.number: 06
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 001c
t.number: 00
t.id: 03
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 02
next_type: 00
length: 0028
p.number: 07
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: ff4bac82
PARSING PAYLOAD type: 03
next_type: 00
length: 001c
t.number: 00
t.id: 03
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0005
t.attributes.u.attr_16: 0001
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: 3bb4573d 3f13ec79 9fb40052 11e45759 d89d4e3c
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 05
length: 000c
id.type: 01
id.protocol: 00
id.port: 0000
id.data: ac1f6413
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 05
next_type: 00
length: 0010
id.type: 04
id.protocol: 00
id.port: 0000
id.data: 00000000 00000000
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
S7.3

BEGIN_PARSE
i_cookie: 43903c8a e2bc2220
r_cookie: 42c6e2cf 2b6d4980
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 9109d64c
len: 000000cc
PARSING PAYLOAD type: 08
next_type: 01
length: 0014
ke.data: 9acf0732 63467d6f 6e46d12f 1654c8ef
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 01
next_type: 0a
length: 0038
sa.doi: 00000001
sa.situation: 00000001
PARSING PAYLOAD type: 02
next_type: 00
length: 002c
p.number: 01
p.prot_id: 03
p.spi_size: 04
length: 01
p.spi: 6c5c6465
PARSING PAYLOAD type: 03
next_type: 00
length: 0020
t.number: 01
t.id: 0c
t.attributes.type: 0004
t.attributes.u.attr_16: f003
t.attributes.type: 0001
t.attributes.u.attr_16: 0001
t.attributes.type: 0002
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 00015180
t.attributes.type: 0005
t.attributes.u.attr_16: 0002
t.attributes.type: 0006
t.attributes.u.attr_16: 0100
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0a
next_type: 05
length: 0018
ke.data: be239a1e 061d941b edbbd194 663c6cde 3e0edc38
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 05
length: 000c
id.type: 01
id.protocol: 00
id.port: 0000
id.data: ac1f6413
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 05
next_type: 0b
length: 0010
id.type: 04
id.protocol: 00
id.port: 0000
id.data: 00000000 00000000
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0b
next_type: 00
length: 0028
n.doi: 00000001
n.protocol: 03
n.spi_length: 04
n.type: 6000
n.spi: 6c5c6465
n.data: 80010001 00020004 00000e10 80010002 00020004 00465000
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 16
u.hash.length: 16
expected_hash: 9acf0732 63467d6f 6e46d12f 1654c8ef
h->u.hash.data: 9acf0732 63467d6f 6e46d12f 1654c8ef
S7.4
S7.5
S7.6
IPSEC SA selected aes256-sha1
authing NULL package!
size = 20, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: 43903c8a e2bc2220
r_cookie: 42c6e2cf 2b6d4980
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 9109d64c
len: 00000034
PARSING PAYLOAD type: 08
next_type: 00
length: 0014
ke.data: 258f015b d852aaa3 4b69b07a 47b079b4
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 00
PARSE_OK

NAT-T mode, adding non-esp marker
S7.7
size = 68, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: 43903c8a e2bc2220
r_cookie: 42c6e2cf 2b6d4980
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: a766955d
len: 00000064
PARSING PAYLOAD type: 08
next_type: 0c
length: 0014
ke.data: 90cb9b39 6b67843d 0d5bb43c 13e69ed6
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 0c
length: 0014
n.doi: 00000001
n.protocol: 03
n.spi_length: 04
d.num_spi: 0002
d.spi: ff4bac82
d.spi: 6c5c6465
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 0c
next_type: 00
length: 001c
n.doi: 00000001
n.protocol: 01
n.spi_length: 10
d.num_spi: 0001
d.spi: 43903c8a e2bc2220 42c6e2cf 2b6d4980
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

S7.8
S7.9
generating 52 bytes keymat (cnt=4)
generating 52 bytes keymat (cnt=4)
S7.10
Aborted


== snip ==
2d18h: lifetime of 86400 seconds
2d18h: has client flags 0x10
2d18h: outbound SA from 172.17.56.100 to 219.251.175.80
(f/i) 0/ 0 (proxy 0.0.0.0 to 172.31.100.13 )
2d18h: has spi 1817893002 and conn_id 3969 and flags 408
2d18h: lifetime of 86400 seconds
2d18h: has client flags 0x10
2d18h: ISAKMP (6:28): deleting node -1878979088 error FALSE reason
"quick mode done (await)"
2d18h: ISAKMP (6:28): Node -1878979088, Input = IKE_MESG_FROM_PEER,
IKE_QM_EXCH
2d18h: ISAKMP (6:28): Old State = IKE_QM_R_QM2 New State =
IKE_QM_PHASE2_COMPLETE
2d18h: IPSEC(key_engine): got a queue event...
2d18h: IPSEC(initialize_sas): ,
(key eng. msg.) INBOUND local= 172.17.56.100, remote= 219.251.175.80,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.13/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac ,
lifedur= 86400s and 0kb,
spi= 0xF044B2E1(4031034081), conn_id= 3968, keysize= 256, flags= 0x400
2d18h: IPSEC(initialize_sas): ,
(key eng. msg.) OUTBOUND local= 172.17.56.100, remote= 219.251.175.80,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 172.31.100.13/0.0.0.0/0/0 (type=1),
protocol= ESP, transform= esp-aes 256 esp-sha-hmac ,
lifedur= 86400s and 0kb,
spi= 0x6C5AD88A(1817893002), conn_id= 3969, keysize= 256, flags= 0x408
2d18h: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
2d18h: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
2d18h: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
2d18h: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
2d18h: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
2d18h: IPSEC(kei_proxy): head = OFMI-NEXG, map->ivrf = , kei->ivrf =
2d18h: IPSEC(add mtree): src 0.0.0.0, dest 172.31.100.13, dest_port 0

2d18h: IPSEC(create_sa): sa created,
(sa) sa_dest= 172.17.56.100, sa_prot= 50,
sa_spi= 0xF044B2E1(4031034081),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 3968
2d18h: IPSEC(create_sa): sa created,
(sa) sa_dest= 219.251.175.80, sa_prot= 50,
sa_spi= 0x6C5AD88A(1817893002),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 3969


massar at unix-ag

Nov 17, 2004, 9:07 PM

Post #10 of 11 (1462 views)
Permalink
nat-t problem with cisco ios [In reply to]
hi,

On Thu, Nov 18, 2004 at 04:32:33AM +0900, Ju min su wrote:
> Maurice Massar ? ?:
>
> >
> >I had no idea why IOS was rejecting the NAT-T IPSec Proposal,
> >but accepting the one without NAT-T, as these to should be the same..
> >until it occured to me that the encapsulation mode is part of the
> >proposal. There are not only two numbers for NAT-D payloads, for
> >the encapsulation mode there are two differend numbers too.
> >
> >try svn revision 37 (o:
> >
> >
> >
> ok. i think almost done.. but at last vpnc aborted..
>

oops.. I forgot to change tunip.c
now this should really be fixed in revision 38 hopefully

cu
maurice


minsuj at electrang

Nov 17, 2004, 10:28 PM

Post #11 of 11 (1471 views)
Permalink
nat-t problem with cisco ios [In reply to]
Maurice Massar ? ?:

>oops.. I forgot to change tunip.c
>now this should really be fixed in revision 38 hopefully
>
>

S7.8
S7.9
generating 52 bytes keymat (cnt=4)
generating 52 bytes keymat (cnt=4)
S7.10
tous.enc_secret: a8021a7b f341debd c445a521 8a3d6937 cacc69ed 50fc85df
ad64d00a 36beca81
tous.auth_secret: 08cb98e1 ec28760d 7b63230f eba95d99 b022b6c9
tothem.enc_secret: 8c5ddd76 78244587 cba90513 5a77b7da f71cf58c b52a9926
40e89d66 fb83bd5b
tothem.auth_secret: cb7eda0c af3f42e7 5b6963c7 cb3c2850 fa3c5293
VPNC started in background (pid: 8473)...

ok.. really it works... thank you very much.. :)


Regards.
Ju min su

vpnc devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.