## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 1191, action 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 1163 bytes from socket.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if of vsys ******
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 1163 bytes. src port 500
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 1163, nxp 1[SA], exch 4[AG], flag 00
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv : [SA] [KE] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
## 2011-02-27 15:34:06 : [VID] [VID] [VID] [VID] [VID] [VID] [VID]
## 2011-02-27 15:34:06 : valid id checking, id type:FQDN, len:23.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > Validate (1135): SA/716 KE/132 NONCE/24 ID/23 VID/12 VID/20 VID/20 VID/20 VID/20
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Receive Id in AG mode, id-type=2, id=client.jersa.de, idlen = 15
## 2011-02-27 15:34:06 : locate peer entry for (2/client.jersa.de), by identity.
## 2011-02-27 15:34:06 : Found identity in group <1> user id <1>.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Found peer entry (vpnclient_gateway) from 62.143.130.124.
## 2011-02-27 15:34:06 : responder create sa: 62.143.130.124->222.61.123.22
## 2011-02-27 15:34:06 : init p1sa, pidt = 0x0
## 2011-02-27 15:34:06 : change peer identity for p1 sa, pidt = 0x0
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > peer_identity_create_with_uid: uid<0>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > create peer identity 0x622a4c0
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > peer_identity_add_to_peer: num entry before add <1>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > peer_identity_add_to_peer: num entry after add <2>
## 2011-02-27 15:34:06 : peer identity 622a4c0 created.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > EDIPI disabled
## 2011-02-27 15:34:06 : IKE<62.143.130.124> getProfileFromP1Proposal->
## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[0]=<00000005 00000002 00000001 00000002> for p1 proposal (id 5), xauth(1)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[1]=<00000005 00000001 00000001 00000002> for p1 proposal (id 4), xauth(1)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[2]=<00000007 00000002 00000001 00000002> for p1 proposal (id 7), xauth(1)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> find profile[3]=<00000007 00000001 00000001 00000002> for p1 proposal (id 6), xauth(1)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> responder create sa: 62.143.130.124->222.61.123.22
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1: Responder starts AGGRESSIVE mode negotiations.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> AG in state OAK_AG_NOSTATE.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 09 00 26 89 df d6 b7 12
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv XAUTH v6.0 vid
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv NAT-Traversal VID payload (draft-ietf-ipsec-nat-t-ike-00).
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv NAT-Traversal VID payload (draft-ietf-ipsec-nat-t-ike-02).
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
## 2011-02-27 15:34:06 : 80 00 00 00
## 2011-02-27 15:34:06 : IKE<62.143.130.124> receive unknown vendor ID payload
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : f1 4b 94 b7 bf f1 fe f0 27 73 b8 c4 9f ed ed 26
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 16 6f 93 2d 55 eb 64 d8 e4 df 4f d3 7e 23 13 f0
## 2011-02-27 15:34:06 : d0 fd 84 51
## 2011-02-27 15:34:06 : IKE<62.143.130.124> receive unknown vendor ID payload
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 84 04 ad f9 cd a0 57 60 b2 ca 29 2e 4b ff 53 7b
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [VID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Vendor ID:
## 2011-02-27 15:34:06 : 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
## 2011-02-27 15:34:06 : IKE<62.143.130.124> rcv non-NAT-Traversal VID payload.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [SA]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(256)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(2), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(1), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(2), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(2), group(2), keylen(256)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(2), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(1), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(2), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(192)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(2), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(1), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(2), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(2), group(2), keylen(192)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(2), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(1), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(2), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [3] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Proposal received: xauthflag 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: initiator
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [0] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(2), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [1] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(5)<3DES>, hash(1), group(2)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> [2] expect: xauthflag 3
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(2), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: responder
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1 proposal [3] selected.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> SA Life Type = seconds
## 2011-02-27 15:34:06 : IKE<62.143.130.124> SA lifetime (TLV) = 86400
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > dh group 2
## 2011-02-27 15:34:06 : IKE<62.143.130.124> DH_BG_consume OK. p1 resp
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [KE]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing ISA_KE in phase 1.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [NONCE]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing NONCE in phase 1.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [ID]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID received: type=ID_FQDN, FQDN = client.jersa.de, port=0, protocol=0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> process_id need to update peer entry, cur .
## 2011-02-27 15:34:06 : locate peer entry for (2/client.jersa.de), by identity.
## 2011-02-27 15:34:06 : Found identity in group <1> user id <1>.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Dynamic peer IP addr, search peer by identity.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> peer gateway entry has no peer id configured
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID processed. return 0. sa->p1_state = 0.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1 AG Responder constructing 2nd message.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #1)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [SA] for ISAKMP
## 2011-02-27 15:34:06 : IKE<62.143.130.124> auth(1), encr(7), hash(1), group(2), keylen(128)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth attribute: disabled
## 2011-02-27 15:34:06 : IKE<62.143.130.124> lifetime/lifesize (86400/0)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct NetScreen [VID]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct custom [VID]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct custom [VID]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct custom [VID]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [KE] for ISAKMP
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [NONCE]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> gen_skeyid()
## 2011-02-27 15:34:06 : IKE<62.143.130.124> gen_skeyid: returning 0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [ID] for ISAKMP
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Use vpngw.jersa.de as IKE p1 ID.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Use vpngw.jersa.de as IKE p1 ID.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID, len=18, type=2, pro=17, port=500,
## 2011-02-27 15:34:06 : IKE<62.143.130.124>
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct NAT-T [VID]: draft 2
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder psk ag mode: natt vid constructed.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> responder (psk) constructing remote NAT-D
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [NATD]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> responder (psk) constructing local NAT-D
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [NATD]
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit : [SA] [VID] [VID] [VID] [VID] [KE] [NONCE] [ID] [HASH]
## 2011-02-27 15:34:06 : [VID] [NATD] [NATD]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 500
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 1 packet (len=446)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<5/91180f>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 124, action 0
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 108, action 0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 96 bytes from socket.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if of vsys ******
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 96 bytes. src port 4500
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 92, nxp 8[HASH], exch 4[AG], flag 01 E
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 64)
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [NATD] [NATD]
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > extract payload (64):
## 2011-02-27 15:34:06 : IKE<62.143.130.124> AG in state OAK_AG_INIT_EXCH.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [NATD]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [NATD]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [HASH]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ID, len=19, type=2, pro=0, port=0,
## 2011-02-27 15:34:06 : IKE<62.143.130.124>
## 2011-02-27 15:34:06 : IKE<62.143.130.124> completing Phase 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> sa_pidt = 622a4c0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> adjusting phase 1 hash
## 2011-02-27 15:34:06 : IKE<62.143.130.124> found existing peer identity 0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1: Completed for ip <62.143.130.124>, user
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Phase 1: Completed Aggressive mode negotiation with a <28800>-second lifetime.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth is started: server, p1responder, aggr mode.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> start_xauth()
## 2011-02-27 15:34:06 : IKE<62.143.130.124> start_xauth(): as:0 ac:-1 enable:1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: accounting server id 0 (use auth server as acct server).
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: xauthstatus 20.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16520, val 0 added, len 0.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16521, val empty string, type <16521> added, len 0.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16522, val empty string, type <16522> added, len 0.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new 22199719)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #8)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 20, type 1, identifier 61307.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > basic attr type 16520, valint 0
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16521, vallen 0, valstr empty string, type <16521>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16522, vallen 0, valstr empty string, type <16522>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 >
## 2011-02-27 15:34:06 : IKE<62.143.130.124> construct QM HASH
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit*: [HASH] [IKECFG]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Encrypt P2 payload (len 68)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 4500
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 2 packet (len=76)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg packet sent. msgid 22199719, len: 68, peer<62.143.130.124>
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth status updated by state machine: 20
## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f>
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 80 bytes from socket.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if of vsys ******
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 80 bytes. src port 4500
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 76, nxp 8[HASH], exch 5[INFO], flag 01 E
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new b90d3f73)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 48)
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [NOTIF]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Need to pass XAUTH first. Silently Discard packet.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Delete conn entry...
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...found conn entry(b90d3f73)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 124, action 0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 96 bytes from socket.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if of vsys ******
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 96 bytes. src port 4500
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 92, nxp 8[HASH], exch 6[XACT_EXCH], flag 01 E
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 64)
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [IKECFG]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [IKECFG]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing IKECFG payload. msgid 22199719, msgtype 2, payload ID 61307
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 36, type 2, identifier 61307.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > basic attr type 16520, valint 0
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16521, vallen 8, valstr thorste
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 16522, vallen 8, valstr thorste
## 2011-02-27 15:34:06 : IKE<0.0.0.0 >
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16520, val 0 added, len 0.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16521, val thorste added, len 8.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16522, val thorste added, len 8.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server got type: 16520 v<0>
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server got var type: 16521
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server got var type: 16522
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server entering state machine: 20
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: accounting server id 0 (use auth server as acct server).
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: xauthstatus 20.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_auth_pap: authing locally: uname thorsten, passwd *** SUCCESS
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Get config for client(local auth)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_assign_client_cfg(): Sa->ip_addr = 0x0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> getting xauth local user remote setting
## 2011-02-27 15:34:06 : IKE<62.143.130.124> getting xauth local user IP from pool
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Don't do xauth RADIUS accounting. Send cfg to client directly.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_send_client_cfg: ip 10.1.2.1, v4mask 255.255.255.255 dns1 10.1.1.1, dns2 0.0.0.0, win1 0.0.0.0, win2 0.0.0.0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_send_client_cfg v6: id ::, prefix ::/0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg_send_client_cfg v6: dns1 ::, dns2 ::, win1 ::, win2 ::
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 1, val 10.1.2.1 added, len 4.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 2, val 255.255.255.255 added, len 4.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 3, val 10.1.1.1 added, len 4.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new 85594f12)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #8)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 32, type 3, identifier 61307.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 1, vallen 4, valstr 10.1.2.1
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 2, vallen 4, valstr 255.255.255.255
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 3, vallen 4, valstr 10.1.1.1
## 2011-02-27 15:34:06 : IKE<0.0.0.0 >
## 2011-02-27 15:34:06 : IKE<62.143.130.124> construct QM HASH
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit*: [HASH] [IKECFG]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Encrypt P2 payload (len 80)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 4500
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 2 packet (len=92)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg packet sent. msgid 85594f12, len: 80, peer<62.143.130.124>
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth status updated by state machine: 90
## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 92, action 0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 64 bytes from socket.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if of vsys ******
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 64 bytes. src port 4500
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 60, nxp 8[HASH], exch 6[XACT_EXCH], flag 01 E
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 32)
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [IKECFG]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [IKECFG]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> processing IKECFG payload. msgid 85594f12, msgtype 4, payload ID 61307
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 12, type 4, identifier 61307.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > variable attr type 3, vallen 0, valstr 64.137.0.8
## 2011-02-27 15:34:06 : IKE<0.0.0.0 >
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 3, val 0.0.0.0 added, len 0.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth server entering state machine: 90
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: accounting server id 0 (use auth server as acct server).
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_process_server: xauthstatus 90.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth status updated by state machine: -1
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ikecfg list add attr type 16527, val 0 added, len 0.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new e5ce2681)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct ISAKMP header.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Msg header built (next payload #8)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Construct [HASH]
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > print ikecfg attribute payload:
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > next: 0, payloadlength 12, type 3, identifier 61307.
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > basic attr type 16527, valint 0
## 2011-02-27 15:34:06 : IKE<0.0.0.0 >
## 2011-02-27 15:34:06 : IKE<62.143.130.124> construct QM HASH
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Xmit*: [HASH] [IKECFG]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Encrypt P2 payload (len 60)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Responder sending IPv4 IP 62.143.130.124/port 4500
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Send Phase 2 packet (len=76)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ikecfg packet sent. msgid e5ce2681, len: 60, peer<62.143.130.124>
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_failed()
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth login FAILED. gw , username , retry: 0, timeout: 1
## 2011-02-27 15:34:06 : IKE<62.143.130.124> xauth_cleanup()
## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE Xauth: release prefix route, ret=<-2>.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> XAUTH-failed: clear p2sa for p1sa(0x22b2268).
## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f>
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > from FLOAT port.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ike packet, len 108, action 0
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: received 80 bytes from socket.
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ****** Recv packet if of vsys ******
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Catcher: get 80 bytes. src port 4500
## 2011-02-27 15:34:06 : IKE<0.0.0.0 > ISAKMP msg: len 76, nxp 8[HASH], exch 5[INFO], flag 01 E
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Create conn entry...
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...done(new 96990a95)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Decrypting payload (length 48)
## 2011-02-27 15:34:06 : IKE<62.143.130.124 > Recv*: [HASH] [DELETE]
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Process [DELETE]:
## 2011-02-27 15:34:06 : IKE<62.143.130.124> DELETE payload received, deleting Phase-1 SA
## 2011-02-27 15:34:06 : IKE<62.143.130.124> Delete conn entry...
## 2011-02-27 15:34:06 : IKE<62.143.130.124> ...found conn entry(96990a95)
## 2011-02-27 15:34:06 : IKE<62.143.130.124> IKE msg done: PKI state<0> IKE state<6/1097182f>
## 2011-02-27 15:34:07 : IKE<0.0.0.0 > dh group 2
## 2011-02-27 15:34:08 : reap_db. deleting p1sa 22b2268
## 2011-02-27 15:34:08 : terminate_SA: trying to delete SA cause: 0 cond: 2
## 2011-02-27 15:34:08 : IKE<62.143.130.124> Delete conn entry...
## 2011-02-27 15:34:08 : IKE<62.143.130.124> ...found conn entry(e5ce2681)
## 2011-02-27 15:34:08 : IKE<62.143.130.124> Delete conn entry...
## 2011-02-27 15:34:08 : IKE<62.143.130.124> ...found conn entry(85594f12)
## 2011-02-27 15:34:08 : IKE<62.143.130.124> Delete conn entry...
## 2011-02-27 15:34:08 : IKE<62.143.130.124> ...found conn entry(22199719)
## 2011-02-27 15:34:08 : IKE<62.143.130.124> xauth_cleanup()
## 2011-02-27 15:34:08 : IKE<62.143.130.124> Done cleaning up IKE Phase 1 SA
## 2011-02-27 15:34:08 : peer_identity_unregister_p1_sa.
## 2011-02-27 15:34:08 : IKE<0.0.0.0 > delete peer identity 0x622a4c0
## 2011-02-27 15:34:08 : IKE<0.0.0.0 > peer_identity_remove_from_peer: num entry before remove <2>
## 2011-02-27 15:34:08 : peer_idt.c peer_identity_unregister_p1_sa 682: pidt deleted.