Hi everybody,
we are trying to set up a SHREW Dial Up VPN Client 2.1.7 connection to
our SSG 350 device and followed this guide step by step:
www.shrew.net/support/wiki/HowtoJuniperSsgCerts
Unfortunately we have no success bringing up the tunnel, and the debug
output (pls see attached .txt) is for me as a newbie not easy to
interpret. I hope that I can get any hint/help to get the VPN tunnel
working.
Many thanks in advance!
Rainer
Windows 7 Dial Up Client <=========> SSG 350
192.168.11.3 192.168.11.1
esc-igs-fw-> get db stream
## 2011-01-28 14:28:02 : IKE<192.168.11.3> ike packet, len 1245, action 1
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Catcher: received 1217 bytes from
socket.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> ****** Recv packet if <ethernet0/1>
of vsys <Root> ******
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Catcher: get 1217 bytes. src port 500
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ISAKMP msg: len 1217, nxp
1[SA], exch 4[AG], flag 00
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Recv : [SA] [KE] [NONCE]
[CERT-REQ] [ID] [VID] [VID] [VID] [VID]
## 2011-01-28 14:28:02 : [VID] [VID] [VID] [VID] [VID] [VID] [VID] [VID]
## 2011-01-28 14:28:02 : valid id checking, id type:ASN1_DN, len:72.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > Validate (1189): SA/716
KE/132 NONCE/24 CERT-REQ..5/5 ID/72 VID/12 VID/20 VID/20
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Receive Id (type=DN) in AG mode,
retrieve [email protected],OU=ESA,CN=UHB
, idlen = 38
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > peer dn has 3 elements.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > compare user id<14>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id:
input<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <0><CN=UHB>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<00000001>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<0><8bfff5a4><CN=UHB>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <1><OU=ESA>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<00000002>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<1><8bfff5ab><OU=ESA>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <2><O=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: string len<2>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<2><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <3><L=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: string len<2>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<3><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <4><ST=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: remaining after = bad for
<ST=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<ffffffff>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<4><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <5><C=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: string len<2>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<5><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id:
<6><[email protected]>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<00000040>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<6><8bfff5bf><[email protected]>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <7><DC=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: remaining after = bad for
<DC=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<ffffffff>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<7><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_one_elem: input<CN=UHB>
## 2011-01-28 14:28:02 : normalize_one_elem: content<UHB>
## 2011-01-28 14:28:02 : normalize_one: A temp<CN=UHB,> in_len<3>
## 2011-01-28 14:28:02 : normalize_one: temp<CN=UHB,> len<7>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<0>
elem<CN=UHB,>len<7>
## 2011-01-28 14:28:02 : normalize_one_elem: input<OU=ESA>
## 2011-01-28 14:28:02 : normalize_one_elem: content<ESA>
## 2011-01-28 14:28:02 : normalize_one: A temp<OU=ESA,> in_len<3>
## 2011-01-28 14:28:02 : normalize_one: temp<OU=ESA,> len<7>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<1>
elem<CN=UHB,OU=ESA,>len<14>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,>len<17>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,>len<20>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,ST=,>len<24>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,ST=,C=,>len<27>
## 2011-01-28 14:28:02 : normalize_one_elem: input<[email protected]>
## 2011-01-28 14:28:02 : normalize_one_elem: content<[email protected]>
## 2011-01-28 14:28:02 : normalize_one: A temp<[email protected],>
in_len<17>
## 2011-01-28 14:28:02 : normalize_one: temp<[email protected],> len<24>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<6>
elem<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],>len<51>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>len<55>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id:
result<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>len<55>ret<0>
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ct:CN=UHB
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ct:OU=ESA
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ct:[email protected]
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > count_num_required_elems: ret
num elem<3>.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > no container identity
requirement.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > wild card identity
matched<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ID match found.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > user id found<14>.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > group id found<10>.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Found peer entry (VPN_P1_GW) from
192.168.11.3.
## 2011-01-28 14:28:02 : responder create sa: 192.168.11.3->192.168.11.1
## 2011-01-28 14:28:02 : init p1sa, pidt = 0x0
## 2011-01-28 14:28:02 : change peer identity for p1 sa, pidt = 0x0
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > peer_identity_create_with_uid:
uid<0>
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > create peer identity 0x84ce450
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > peer_identity_add_to_peer: num
entry before add <1>
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > peer_identity_add_to_peer: num
entry after add <2>
## 2011-01-28 14:28:02 : peer identity 84ce450 created.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > EDIPI disabled
## 2011-01-28 14:28:02 : IKE<192.168.11.3> getProfileFromP1Proposal->
## 2011-01-28 14:28:02 : IKE<192.168.11.3> find profile[0]=<00000005 00000002
00000003 00000002> for p1 proposal (id 11), xauth(1)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> responder create sa:
192.168.11.3->192.168.11.1
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Phase 1: Responder starts AGGRESSIVE
mode negotiations.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> AG in state OAK_AG_NOSTATE.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 09 00 26 89 df d6 b7 12
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv XAUTH v6.0 vid
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv NAT-Traversal VID payload
(draft-ietf-ipsec-nat-t-ike-00).
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 16 f6 ca 16 e4 a4 06 6d 83 82 1a 0f 0a ea a8 62
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv non-NAT-Traversal VID payload.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv NAT-Traversal VID payload
(draft-ietf-ipsec-nat-t-ike-02).
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv non-NAT-Traversal VID payload.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv non-NAT-Traversal VID payload.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
## 2011-01-28 14:28:02 : 80 00 00 00
## 2011-01-28 14:28:02 : IKE<192.168.11.3> receive unknown vendor ID payload
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : f1 4b 94 b7 bf f1 fe f0 27 73 b8 c4 9f ed ed 26
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv non-NAT-Traversal VID payload.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 16 6f 93 2d 55 eb 64 d8 e4 df 4f d3 7e 23 13 f0
## 2011-01-28 14:28:02 : d0 fd 84 51
## 2011-01-28 14:28:02 : IKE<192.168.11.3> receive unknown vendor ID payload
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 84 04 ad f9 cd a0 57 60 b2 ca 29 2e 4b ff 53 7b
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv non-NAT-Traversal VID payload.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [VID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Vendor ID:
## 2011-01-28 14:28:02 : 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
## 2011-01-28 14:28:02 : IKE<192.168.11.3> rcv non-NAT-Traversal VID payload.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [SA]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(7)<AES>,
hash(1)<MD5>, group(2), keylen(256)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(7)<AES>,
hash(2)<SHA>, group(2), keylen(256)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(7)<AES>,
hash(1)<MD5>, group(2), keylen(192)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(7)<AES>,
hash(2)<SHA>, group(2), keylen(192)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(7)<AES>,
hash(1)<MD5>, group(2), keylen(128)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(7)<AES>,
hash(2)<SHA>, group(2), keylen(128)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> P1 attributes not supported.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> P1 attributes not supported.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> P1 attributes not supported.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> P1 attributes not supported.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> P1 attributes not supported.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> P1 attributes not supported.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(1)<MD5>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> [0] expect: xauthflag 3
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: responder
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Proposal received: xauthflag 61
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: initiator
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Phase 1 proposal [0] selected.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> SA Life Type = seconds
## 2011-01-28 14:28:02 : IKE<192.168.11.3> SA lifetime (TLV) = 86400
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > dh group 2
## 2011-01-28 14:28:02 : IKE<192.168.11.3> DH_BG_consume OK. p1 resp
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [KE]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3> processing ISA_KE in phase 1.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [NONCE]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3> processing NONCE in phase 1.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [ID]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3> ID received: type=ID_DER_ASN1_DN, DN
= [email protected],OU=ESA,CN=UHB, port = 0, protocol=0
## 2011-01-28 14:28:02 : IKE<192.168.11.3> process_id need to update peer
entry, cur <VPN_P1_GW>.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > peer dn has 3 elements.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > compare user id<14>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id:
input<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <0><CN=UHB>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<00000001>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<0><8bffee7c><CN=UHB>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <1><OU=ESA>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<00000002>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<1><8bffee83><OU=ESA>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <2><O=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: string len<2>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<2><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <3><L=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: string len<2>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<3><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <4><ST=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: remaining after = bad for
<ST=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<ffffffff>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<4><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <5><C=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: string len<2>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<5><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id:
<6><[email protected]>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<00000040>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<6><8bffee97><[email protected]>.
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: <7><DC=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: remaining after = bad for
<DC=>.
## 2011-01-28 14:28:02 : get_dn_element_type_mask: mask<ffffffff>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: got
<7><00000000><empty>.
## 2011-01-28 14:28:02 : normalize_one_elem: input<CN=UHB>
## 2011-01-28 14:28:02 : normalize_one_elem: content<UHB>
## 2011-01-28 14:28:02 : normalize_one: A temp<CN=UHB,> in_len<3>
## 2011-01-28 14:28:02 : normalize_one: temp<CN=UHB,> len<7>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<0>
elem<CN=UHB,>len<7>
## 2011-01-28 14:28:02 : normalize_one_elem: input<OU=ESA>
## 2011-01-28 14:28:02 : normalize_one_elem: content<ESA>
## 2011-01-28 14:28:02 : normalize_one: A temp<OU=ESA,> in_len<3>
## 2011-01-28 14:28:02 : normalize_one: temp<OU=ESA,> len<7>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<1>
elem<CN=UHB,OU=ESA,>len<14>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,>len<17>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,>len<20>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,ST=,>len<24>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,ST=,C=,>len<27>
## 2011-01-28 14:28:02 : normalize_one_elem: input<[email protected]>
## 2011-01-28 14:28:02 : normalize_one_elem: content<[email protected]>
## 2011-01-28 14:28:02 : normalize_one: A temp<[email protected],>
in_len<17>
## 2011-01-28 14:28:02 : normalize_one: temp<[email protected],> len<24>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<6>
elem<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],>len<51>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id: ind<-1>
elem<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>len<55>
## 2011-01-28 14:28:02 : normalize_user_wildcard_dn_id:
result<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>len<55>ret<0>
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ct:CN=UHB
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ct:OU=ESA
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ct:[email protected]
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > count_num_required_elems: ret
num elem<3>.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > no container identity
requirement.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > wild card identity
matched<CN=UHB,OU=ESA,O=,L=,ST=,C=,[email protected],DC=,>.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > ID match found.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > user id found<14>.
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > group id found<10>.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Dynamic peer IP addr, search peer by
identity.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> peer gateway entry has no peer id
configured
## 2011-01-28 14:28:02 : IKE<192.168.11.3> ID processed. return 0. sa->p1_state
= 0.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Process [CERT-REQ..5]:
## 2011-01-28 14:28:02 : IKE<192.168.11.3> processing ISA_CERT_REQ starts,
type=4.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> process_cert_req done.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> need to wait for offline p1 DH work
done.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> IKE msg done: PKI state<0> IKE
state<0/281290a>
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > finished job pkaidx <0>
dh_len<128> dmax<64>
## 2011-01-28 14:28:02 : IKE<0.0.0.0 > finished job
d<33045e5c><17a0bb5d><e71366fc><dfaceb2c>
## 2011-01-28 14:28:02 : IKE<192.168.11.3> AG in state OAK_AG_NOSTATE.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> re-enter AG after offline DH done
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Phase 1 AG Responder constructing
2nd message.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct ISAKMP header.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Msg header built (next payload #1)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [SA] for ISAKMP
## 2011-01-28 14:28:02 : IKE<192.168.11.3> auth(3)<RSA>, encr(5)<3DES>,
hash(2)<SHA>, group(2)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> xauth attribute: disabled
## 2011-01-28 14:28:02 : IKE<192.168.11.3> lifetime/lifesize (86400/0)
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct NetScreen [VID]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct custom [VID]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct custom [VID]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct custom [VID]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [KE] for ISAKMP
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [NONCE]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> gen_skeyid()
## 2011-01-28 14:28:02 : IKE<192.168.11.3> gen_skeyid: returning 0
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [ID] for ISAKMP
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Use FQDN "ref2.esa.int" in local
certificate subject alternative name as IKE p1 ID.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [CERT]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> construct_cert(), first cert.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> construct_cert(), cert type = 4,
certlen = 1090
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Direct CA, peer wants X509, will
send one X509 cert.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> one X509 cert
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Responder constructing cert req
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [CERT-REQ]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct NAT-T [VID]: draft 2
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Responder rsa sig ag mode: natt vid
constructed.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> responder (pki) constructing remote
NAT-D
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [NATD]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> responder (pki) constructing local
NAT-D
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [NATD]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Construct [SIG]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> constructing RSA signature.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Use FQDN "ref2.esa.int" in local
certificate subject alternative name as IKE p1 ID.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> ID, len=16, type=2, pro=17, port=500,
## 2011-01-28 14:28:02 : IKE<192.168.11.3>
## 2011-01-28 14:28:02 : IKE<192.168.11.3>
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > digest when construct sig
## 2011-01-28 14:28:02 : 6d 46 eb 8f d7 43 d0 bb c0 7b 95 87 e5 25 bd 9b
## 2011-01-28 14:28:02 : 8e cb fa f4 00 00 00 00 d1 7e 37 00 40 51 82 03
## 2011-01-28 14:28:02 : IKE<192.168.11.3> throw packet to the peer,
paket_len=1776
## 2011-01-28 14:28:02 : IKE<192.168.11.3 > Xmit : [SA] [VID] [VID] [VID]
[VID] [KE] [NONCE] [ID] [CERT]
## 2011-01-28 14:28:02 : [CERT-REQ] [VID] [NATD] [NATD] [SIG]
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Responder sending IPv4 IP
192.168.11.3/port 500
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Send Phase 1 packet (len=1776)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ike packet, len 1912, action 0
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Catcher: received 1884 bytes from
socket.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ****** Recv packet if <ethernet0/1>
of vsys <Root> ******
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Catcher: get 1884 bytes. src port 500
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > ISAKMP msg: len 1884, nxp
6[CERT], exch 4[AG], flag 01 E
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Decrypting payload (length 1856)
## 2011-01-28 14:28:03 : IKE<192.168.11.3 > Recv*: [CERT] [SIG] [NATD] [NATD]
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > extract payload (1856):
## 2011-01-28 14:28:03 : IKE<192.168.11.3> AG in state OAK_AG_INIT_EXCH.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Process [NATD]:
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Process [NATD]:
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Process [CERT]:
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Processing CERT payload. Cert Type =
4, Cert Length = 1281.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> IKE msg done: PKI state<1> IKE
state<5/1097191f>
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ike packet, len 112, action 0
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > I got hit by mail. 1
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > message from PKI, msg id=f001
## 2011-01-28 14:28:03 : IKE<192.168.11.3> enter PKI_CID_VERIFY_CERT_RSP
## 2011-01-28 14:28:03 : IKE<192.168.11.3> AG in state OAK_AG_INIT_EXCH.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Process [CERT]:
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Processing CERT payload. Cert Type =
4, Cert Length = 1281.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> in cert, name
<[email protected],OU=ESA,CN=UHB>
## 2011-01-28 14:28:03 : IKE<192.168.11.3> recv cert with IPV4(0.0.0.0),
FQDN(none), RFC822(none)
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > Cert NotAfter=Jan 25 09:44:09
2021 GMT
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Cert_time(759491049)
current(444148083)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Process [SIG]:
## 2011-01-28 14:28:03 : IKE<192.168.11.3> processing ISA_SIG.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ***** Got public key for
192.168.11.3 *****
## 2011-01-28 14:28:03 : IKE<192.168.11.3> processing RSA sig
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ID, len=68, type=9, pro=0, port=0,
## 2011-01-28 14:28:03 : IKE<192.168.11.3>
## 2011-01-28 14:28:03 : IKE<192.168.11.3 > his_digest
## 2011-01-28 14:28:03 : 65 f4 54 97 b9 ba 40 fe cb c8 68 2e 55 76 dd d6
## 2011-01-28 14:28:03 : 47 b1 a7 75 00 00 00 00 35 5a 39 00 40 51 82 03
## 2011-01-28 14:28:03 : IKE<192.168.11.3> pki_msg: pki state<0>ike
state<6/1097193f>
## 2011-01-28 14:28:03 : IKE<192.168.11.3> completing Phase 1
## 2011-01-28 14:28:03 : IKE<192.168.11.3> sa_pidt = 84ce450
## 2011-01-28 14:28:03 : IKE<192.168.11.3> found existing peer identity 0
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Phase 1: Completed for ip
<192.168.11.3>, user<[email protected],OU=ESA,CN=UHB>
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Phase 1: Completed Aggressive mode
negotiation with a <28800>-second lifetime.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> xauth is started: server,
p1responder, aggr mode.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> start_xauth()
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > ikecfg list add attr type
16520, val 0 added, len 0.
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > ikecfg list add attr type
16521, val empty string, type <16521> added, len 0.
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > ikecfg list add attr type
16522, val empty string, type <16522> added, len 0.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Create conn entry...
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ...done(new bd9e572e)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Construct ISAKMP header.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Msg header built (next payload #8)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Construct [HASH]
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > print ikecfg attribute payload:
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > next: 0, payloadlength 20, type
1, identifier 5934.
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > basic attr type 16520, valint 0
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > variable attr type 16521,
vallen 0, valstr empty string, type <16521>
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > variable attr type 16522,
vallen 0, valstr empty string, type <16522>
## 2011-01-28 14:28:03 : IKE<0.0.0.0 >
## 2011-01-28 14:28:03 : IKE<192.168.11.3> construct QM HASH
## 2011-01-28 14:28:03 : IKE<192.168.11.3 > Xmit*: [HASH] [IKECFG]
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Encrypt P2 payload (len 72)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Responder sending IPv4 IP
192.168.11.3/port 500
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Send Phase 2 packet (len=76)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ikecfg packet sent. msgid bd9e572e,
len: 72, peer<192.168.11.3>
## 2011-01-28 14:28:03 : IKE<192.168.11.3> xauth status updated by state
machine: 20
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Catcher: received 84 bytes from
socket.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ****** Recv packet if <ethernet0/1>
of vsys <Root> ******
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Catcher: get 84 bytes. src port 500
## 2011-01-28 14:28:03 : IKE<0.0.0.0 > ISAKMP msg: len 84, nxp
8[HASH], exch 5[INFO], flag 01 E
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Create conn entry...
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ...done(new a77ca448)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Decrypting payload (length 56)
## 2011-01-28 14:28:03 : IKE<192.168.11.3 > Recv*: [HASH] [DELETE]
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Process [DELETE]:
## 2011-01-28 14:28:03 : IKE<192.168.11.3> DELETE payload received, deleting
Phase-1 SA
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Delete conn entry...
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ...found conn entry(48a47ca7)
## 2011-01-28 14:28:03 : IKE<192.168.11.3> IKE msg done: PKI state<0> IKE
state<6/1097193f>
## 2011-01-28 14:28:04 : IKE<0.0.0.0 > dh group 2
## 2011-01-28 14:28:04 : IKE<0.0.0.0 > finished job pkaidx <0>
dh_len<128> dmax<64>
## 2011-01-28 14:28:04 : IKE<0.0.0.0 > finished job
d<c6f4d4d0><f405dc32><4244e532><954798b2>
## 2011-01-28 14:28:04 : IKE<0.0.0.0 > BN, top32 dmax64 zero<no>
## 2011-01-28 14:28:09 : IKE<192.168.11.3> ikecfg transmit timer expired.
re-trans
## 2011-01-28 14:28:09 : IKE<192.168.11.3> bad sa, can't send request
## 2011-01-28 14:28:15 : IKE<192.168.11.3> ikecfg transmit timer expired.
re-trans
## 2011-01-28 14:28:15 : IKE<192.168.11.3> bad sa, can't send request
## 2011-01-28 14:28:21 : IKE<192.168.11.3> ikecfg transmit timer expired.
re-trans
## 2011-01-28 14:28:21 : IKE<192.168.11.3> bad sa, can't send request
## 2011-01-28 14:28:27 : IKE<192.168.11.3> ikecfg transmit timer expired.
re-trans
## 2011-01-28 14:28:27 : IKE<192.168.11.3> bad sa, can't send request
## 2011-01-28 14:28:32 : reap_db. deleting p1sa 2178e38
## 2011-01-28 14:28:32 : terminate_SA: trying to delete SA cause: 0 cond: 2
## 2011-01-28 14:28:32 : IKE<192.168.11.3> Delete conn entry...
## 2011-01-28 14:28:32 : IKE<192.168.11.3> ...found conn entry(2e579ebd)
## 2011-01-28 14:28:32 : IKE<192.168.11.3> xauth login ABORTED. gw <VPN_P1_GW>,
username <>, retry: 0
## 2011-01-28 14:28:42 : IKE<192.168.11.3> xauth login EXPIRED and TERMINATED.
username <>, ip<0.0.0.0/0.0.0.0>
## 2011-01-28 14:28:42 : IKE<192.168.11.3> IKE Xauth: release prefix route,
ret=<-2>.
## 2011-01-28 14:29:02 : reap_db. deleting p1sa 2178e38
## 2011-01-28 14:29:02 : terminate_SA: trying to delete SA cause: 0 cond: 2
## 2011-01-28 14:29:02 : IKE<192.168.11.3> xauth_cleanup()
## 2011-01-28 14:29:02 : IKE<192.168.11.3> Done cleaning up IKE Phase 1 SA
## 2011-01-28 14:29:02 : peer_identity_unregister_p1_sa.
## 2011-01-28 14:29:02 : IKE<0.0.0.0 > delete peer identity 0x84ce450
## 2011-01-28 14:29:02 : IKE<0.0.0.0 > peer_identity_remove_from_peer:
num entry before remove <2>
## 2011-01-28 14:29:02 : peer_idt.c peer_identity_unregister_p1_sa 668: pidt
deleted.
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
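
One way to reduce a `get db stream` capture like the one above to its negotiation milestones, as an added example that is not part of the original post: it re-joins the hard-wrapped lines, drops the `--- more ---` pager residue, and reports the order in which Phase 1 completion, the XAUTH request, the peer's DELETE and the failed retransmits occur. The sample lines are a constructed excerpt in the shape of the log above; the milestone labels and function names are this example's own.

```python
import re

# Constructed excerpt in the shape of the ScreenOS IKE debug above,
# including hard-wrapped continuation lines and a "--- more ---" pager mark.
SAMPLE = """\
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Phase 1: Responder starts AGGRESSIVE
mode negotiations.
## 2011-01-28 14:28:02 : IKE<192.168.11.3> Phase 1 proposal [0] selected.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> Phase 1: Completed Aggressive mode
negotiation with a <28800>-second lifetime.
## 2011-01-28 14:28:03 : IKE<192.168.11.3> xauth is started: server,
p1responder, aggr mode.
--- more --- ## 2011-01-28 14:28:03 :
IKE<192.168.11.3> Responder sending IPv4 IP 192.168.11.3/port 500
## 2011-01-28 14:28:03 : IKE<192.168.11.3> ikecfg packet sent. msgid bd9e572e,
len: 72, peer<192.168.11.3>
## 2011-01-28 14:28:03 : IKE<192.168.11.3 > Recv*: [HASH] [DELETE]
## 2011-01-28 14:28:03 : IKE<192.168.11.3> DELETE payload received, deleting
Phase-1 SA
## 2011-01-28 14:28:09 : IKE<192.168.11.3> ikecfg transmit timer expired.
re-trans
## 2011-01-28 14:28:09 : IKE<192.168.11.3> bad sa, can't send request
## 2011-01-28 14:28:15 : IKE<192.168.11.3> bad sa, can't send request
## 2011-01-28 14:28:32 : IKE<192.168.11.3> xauth login ABORTED. gw <VPN_P1_GW>,
username <>, retry: 0
"""

# A record starts with "## <date> <time> :"; anything else is a continuation.
STAMP = re.compile(r"^## (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) :\s*(.*)$")

# Labels are this example's own; the patterns are strings seen in the log.
MILESTONES = [
    ("aggressive_mode_started", re.compile(r"Responder starts AGGRESSIVE mode")),
    ("p1_proposal_selected", re.compile(r"Phase 1 proposal \[\d+\] selected")),
    ("phase1_completed", re.compile(r"Phase 1: Completed Aggressive mode")),
    ("xauth_started", re.compile(r"xauth is started")),
    ("xauth_request_sent", re.compile(r"ikecfg packet sent")),
    ("peer_sent_delete", re.compile(r"DELETE payload received")),
    ("retransmit_failed", re.compile(r"bad sa, can't send request")),
    ("xauth_aborted", re.compile(r"xauth login ABORTED")),
]
ABORT = re.compile(r"xauth login ABORTED\. gw <([^>]*)>, username <([^>]*)>")


def unwrap(text):
    """Return (timestamp, message) records with wrapped lines re-joined."""
    records = []
    for raw in text.splitlines():
        line = raw.replace("--- more ---", "").strip()
        if not line:
            continue
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif records:
            # Continuation of the previous record (terminal hard wrap).
            records[-1][1] = (records[-1][1] + " " + line).strip()
    return [(ts, msg) for ts, msg in records]


def timeline(text):
    """Return the ordered list of (timestamp, milestone label)."""
    out = []
    for ts, msg in unwrap(text):
        for label, pattern in MILESTONES:
            if pattern.search(msg):
                out.append((ts, label))
                break
    return out


def diagnose(text):
    """Summarise how far the negotiation got and which side tore it down."""
    labels = [label for _, label in timeline(text)]
    pos = {label: labels.index(label) for label in set(labels)}
    abort = next((ABORT.search(m) for _, m in unwrap(text) if ABORT.search(m)), None)
    return {
        "phase1_completed": "phase1_completed" in pos,
        "xauth_request_sent": "xauth_request_sent" in pos,
        # True when the peer's DELETE arrives after the gateway's XAUTH request.
        "peer_delete_after_xauth_request": (
            "peer_sent_delete" in pos
            and "xauth_request_sent" in pos
            and pos["peer_sent_delete"] > pos["xauth_request_sent"]
        ),
        "failed_retransmits": labels.count("retransmit_failed"),
        "abort_gateway": abort.group(1) if abort else None,
        "abort_username": abort.group(2) if abort else None,
    }


if __name__ == "__main__":
    for ts, label in timeline(SAMPLE):
        print(ts, label)
    print(diagnose(SAMPLE))
```

An empty `abort_username` together with `peer_delete_after_xauth_request` set means the gateway never received XAUTH credentials before the client deleted the Phase 1 SA.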