I'm using the scenario of running L2TP over IPsec and seeing:
000 "remote-access-mac-zzz": 192.168.100.10[192.168.100.10]:17/1701---192.168.100.20...%virtual[%any]:17/%any===?; unrouted; eroute owner: #0 000 "remote-access-mac-zzz": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "remote-access-mac-zzz"[2]: 192.168.100.10:4500[192.168.100.10]:17/1701...192.168.100.20:4500[192.168.10.2]:17/1701; erouted; eroute owner: #2 000 "remote-access-mac-zzz"[2]: newest ISAKMP SA: #1; newest IPsec SA: #2; 000 "remote-access-win-aaa": 192.168.100.10[192.168.100.10]:17/1701---192.168.100.20...%virtual[%any]:17/1701===?; unrouted; eroute owner: #0 000 "remote-access-win-aaa": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 #2: "remote-access-mac-zzz"[2] 192.168.100.20:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3231s; newest IPSEC; eroute owner 000 #2: "remote-access-mac-zzz"[2] 192.168.100.20:4500 [email protected] (793 bytes, 38s ago) [email protected] (2119 bytes, 1s ago); transport 000 #1: "remote-access-mac-zzz"[2] 192.168.100.20:4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 3501s; newest ISAKMP 000 but I'm not sure how to parse these lines. Can someone walk me through what the 1st, 3rd, and 5th lines are showing me? And yes, this is 4.5.2. We'll be upgrading to 5.1.3 soon but we have some legacy installs we can't retire just yet. Thanks, -Philip _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
