Dear Wendohw
1. The "show interface extensive st0.2 output is :
admin@Stepnex> show interfaces extensive st0.2
Logical interface st0.2 (Index 69) (SNMP ifIndex 536) (Generation 149)
Description: Telenor_tunnel
Flags: Point-To-Point SNMP-Traps Encapsulation: Secure-Tunnel
Traffic statistics:
Input bytes : 720
Output bytes : 12160
Input packets: 6
Output packets: 179
Local statistics:
Input bytes : 0
Output bytes : 2172
Input packets: 0
Output packets: 20
Transit statistics:
Input bytes : 720 0 bps
Output bytes : 9988 0 bps
Input packets: 6 0 pps
Output packets: 159 0 pps
Security: Zone: TelenorVPN
Allowed host-inbound traffic : bootp dns dhcp finger ftp tftp ident-reset
http https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp
snmp-trap ssh telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip r2cp
Flow Statistics :
Flow Input statistics :
Self packets : 0
ICMP packets : 6
VPN packets : 0
Multicast packets : 0
Bytes permitted by policy : 0
Connections established : 0
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 10844
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 0
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 0
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 9192, Generation: 168, Route table: 0
Flags: Sendbcast-pkt-to-re
admin@Stepnex>
2.
admin@Stepnex> ... flow session source-prefix 172.16.10.8 destination-prefix 202.69.15.161
Session ID: 59041, Policy name: trust-telenor/4, Timeout: 44, Valid
In: 172.16.10.8/1214 --> 202.69.15.161/1;icmp, If: fe-0/0/1.0, Pkts: 1, Bytes: 60
Out: 202.69.15.161/1 --> 172.16.10.8/1214;icmp, If: st0.2, Pkts: 0, Bytes: 0
Session ID: 59043, Policy name: trust-telenor/4, Timeout: 48, Valid
In: 172.16.10.8/1215 --> 202.69.15.161/1;icmp, If: fe-0/0/1.0, Pkts: 1, Bytes: 60
Out: 202.69.15.161/1 --> 172.16.10.8/1215;icmp, If: st0.2, Pkts: 0, Bytes: 0
Session ID: 59045, Policy name: trust-telenor/4, Timeout: 54, Valid
In: 172.16.10.8/1216 --> 202.69.15.161/1;icmp, If: fe-0/0/1.0, Pkts: 1, Bytes: 60
Out: 202.69.15.161/1 --> 172.16.10.8/1216;icmp, If: st0.2, Pkts: 0, Bytes: 0
Session ID: 59047, Policy name: trust-telenor/4, Timeout: 58, Valid
In: 172.16.10.8/1217 --> 202.69.15.161/1;icmp, If: fe-0/0/1.0, Pkts: 1, Bytes: 60
Out: 202.69.15.161/1 --> 172.16.10.8/1217;icmp, If: st0.2, Pkts: 0, Bytes: 0
Total sessions: 4
admin@Stepnex>
3. Log file output after ping
admin@Stepnex> show log flow-trace.log
Sep 19 09:35:16 Stepnex clear-log[31590]: logfile cleared
[Sep 19 09:35:26]ikev2_packet_allocate: Allocated packet d91800 from freelist
[Sep 19 09:35:26]ike_sa_find: Found SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f }
[Sep 19 09:35:26]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Sep 19 09:35:26]ike_get_sa: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f } / d257e269, remote = 202.125.152.237:500
[Sep 19 09:35:26]ike_sa_find: Found SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f }
[Sep 19 09:35:26]ike_alloc_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}
[Sep 19 09:35:26]ike_decode_packet: Start
[Sep 19 09:35:26]ike_decode_packet: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f} / d257e269, nego = 0
[Sep 19 09:35:26]ike_st_i_encrypt: Check that packet was encrypted succeeded
[Sep 19 09:35:26]ike_st_i_gen_hash: Start, hash[0..16] = 1326273e b468b34c ...
[Sep 19 09:35:26]ike_st_i_n: Start, doi = 1, protocol = 1, code = DPD Are You There (36136), spi[0..16] = ac3c3522 e1866ca9 ..., data[0..4] = 117c76ae 00000000 ...
[Sep 19 09:35:26]ssh_ike_connect_notify: Start, remote_name = :500, flags = 00010000
[Sep 19 09:35:26]ike_sa_find_ip_port: Remote = all:500, Found SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}
[Sep 19 09:35:26]ike_alloc_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}
[Sep 19 09:35:26]ssh_ike_connect_notify: SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 1
[Sep 19 09:35:26]ike_encode_packet: Start, SA = { 0xac3c3522 e1866ca9 - a9e8da30 a907935f } / 6963f6e5, nego = 1
[Sep 19 09:35:26]ike_send_packet: Start, send SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 1, dst = 202.125.152.237:500, routing table id = 0
[Sep 19 09:35:26]ike_delete_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 1
[Sep 19 09:35:26]ike_free_negotiation_info: Start, nego = 1
[Sep 19 09:35:26]ike_free_negotiation: Start, nego = 1
[Sep 19 09:35:26]ike_st_i_private: Start
[Sep 19 09:35:26]ike_send_notify: Connected, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 0
[Sep 19 09:35:26]ike_delete_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 0
[Sep 19 09:35:26]ike_free_negotiation_info: Start, nego = 0
[Sep 19 09:35:26]ike_free_negotiation: Start, nego = 0
[Sep 19 09:35:46]ikev2_packet_allocate: Allocated packet d91c00 from freelist
[Sep 19 09:35:46]ike_sa_find: Found SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f }
[Sep 19 09:35:46]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Sep 19 09:35:46]ike_get_sa: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f } / bc621b41, remote = 202.125.152.237:500
[Sep 19 09:35:46]ike_sa_find: Found SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f }
[Sep 19 09:35:46]ike_alloc_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}
[Sep 19 09:35:46]ike_decode_packet: Start
[Sep 19 09:35:46]ike_decode_packet: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f} / bc621b41, nego = 0
[Sep 19 09:35:46]ike_st_i_encrypt: Check that packet was encrypted succeeded
[Sep 19 09:35:46]ike_st_i_gen_hash: Start, hash[0..16] = 2ae4498c 9f84aee6 ...
[Sep 19 09:35:46]ike_st_i_n: Start, doi = 1, protocol = 1, code = DPD Are You There (36136), spi[0..16] = ac3c3522 e1866ca9 ..., data[0..4] = 117c76af 00000000 ...
[Sep 19 09:35:46]ssh_ike_connect_notify: Start, remote_name = :500, flags = 00010000
[Sep 19 09:35:46]ike_sa_find_ip_port: Remote = all:500, Found SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}
[Sep 19 09:35:46]ike_alloc_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}
[Sep 19 09:35:46]ssh_ike_connect_notify: SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 1
[Sep 19 09:35:46]ike_encode_packet: Start, SA = { 0xac3c3522 e1866ca9 - a9e8da30 a907935f } / 0c09b316, nego = 1
[Sep 19 09:35:46]ike_send_packet: Start, send SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 1, dst = 202.125.152.237:500, routing table id = 0
[Sep 19 09:35:46]ike_delete_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 1
[Sep 19 09:35:46]ike_free_negotiation_info: Start, nego = 1
[Sep 19 09:35:46]ike_free_negotiation: Start, nego = 1
[Sep 19 09:35:46]ike_st_i_private: Start
[Sep 19 09:35:46]ike_send_notify: Connected, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 0
[Sep 19 09:35:46]ike_delete_negotiation: Start, SA = { ac3c3522 e1866ca9 - a9e8da30 a907935f}, nego = 0
[Sep 19 09:35:46]ike_free_negotiation_info: Start, nego = 0
[Sep 19 09:35:46]ike_free_negotiation: Start, nego = 0
admin@Stepnex>