Hello, I have configured my SSG and Shrew Client according to the specs in this doc: http://www.shrew.net/static/help-2.1.x/vpnhelp.htm. I am using Shrew Client version 2.1.7 on a Windows 7 64-bit machine. The tunnel comes up on the client after authentication, and I can ping my firewall once connected, but I cannot reach anything else inside the remote network. I have checked the logs on the firewall, and they state that Phase 2 completes negotiations. The Policy log also shows no issues.
Here is my config on the SSG set clock timezone -6 set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00 set vrouter trust-vr sharable set vrouter "untrust-vr" exit set vrouter "trust-vr" unset auto-route-export exit set alg appleichat enable unset alg appleichat re-assembly enable set alg sctp enable set auth-server "Local" id 0 set auth-server "Local" server-name "Local" set auth default auth server "Local" set auth radius accounting port 1646 set admin name "admin" set admin password "nDqnMcriM8UJcAjPDs2Or9Ct4iIiDn" set admin auth web timeout 10 set admin auth dial-in timeout 3 set admin auth server "Local" set admin format dos set zone "Trust" vrouter "trust-vr" set zone "Untrust" vrouter "trust-vr" set zone "DMZ" vrouter "trust-vr" set zone "VLAN" vrouter "trust-vr" set zone "Untrust-Tun" vrouter "trust-vr" set zone "Trust" tcp-rst set zone "Untrust" block unset zone "Untrust" tcp-rst set zone "MGT" block set zone "DMZ" tcp-rst set zone "VLAN" block unset zone "VLAN" tcp-rst set zone "Untrust" screen tear-drop set zone "Untrust" screen syn-flood set zone "Untrust" screen ping-death set zone "Untrust" screen ip-filter-src set zone "Untrust" screen land set zone "V1-Untrust" screen tear-drop set zone "V1-Untrust" screen syn-flood set zone "V1-Untrust" screen ping-death set zone "V1-Untrust" screen ip-filter-src set zone "V1-Untrust" screen land set interface "ethernet0/0" zone "Untrust" set interface "ethernet0/1" zone "DMZ" set interface "wireless0/0" zone "Trust" set interface "bgroup0" zone "Trust" set interface bgroup0 port ethernet0/2 set interface bgroup0 port ethernet0/3 set interface bgroup0 port ethernet0/4 set interface bgroup0 port ethernet0/5 set interface bgroup0 port ethernet0/6 set interface bgroup0 port wireless0/1 unset interface vlan1 ip set interface ethernet0/0 ip *.*.*.*/28 set interface ethernet0/0 route set interface wireless0/0 ip 172.16.3.9/24 set interface wireless0/0 nat set interface bgroup0 ip 77.77.77.1/30 set 
interface bgroup0 nat unset interface vlan1 bypass-others-ipsec unset interface vlan1 bypass-non-ip set interface ethernet0/0 ip manageable set interface wireless0/0 ip manageable set interface bgroup0 ip manageable set interface ethernet0/0 manage web set interface wireless0/0 dhcp relay server-name "production.*.com" set interface wireless0/0 dhcp relay server-name "172.16.3.3" set interface wireless0/0 dhcp relay service set interface "serial0/0" modem settings "USR" init "AT&F" set interface "serial0/0" modem settings "USR" active set interface "serial0/0" modem speed 115200 set interface "serial0/0" modem retry 3 set interface "serial0/0" modem interval 10 set interface "serial0/0" modem idle-time 10 set flow tcp-mss unset flow no-tcp-seq-check set flow tcp-syn-check unset flow tcp-syn-bit-check set flow reverse-route clear-text prefer set flow reverse-route tunnel always set pki authority default scep mode "auto" set pki x509 default cert-path partial set dns host dns1 68.94.156.1 set dns host dns2 68.94.157.1 set dns host dns3 0.0.0.0 set address "Trust" "10.1.2.0/24" 10.1.2.0 255.255.255.0 set ippool "vpnclient" 10.2.21.1 10.2.21.254 set user "Kevin" uid 2 set user "Kevin" type ike xauth set user "Kevin" password "pFrwmg8BNCArHOsD5SC1hOiaXgnSfg+kuw==" unset user "Kevin" type auth set user "Kevin" "enable" set user "vpnclient_ph1id" uid 1 set user "vpnclient_ph1id" ike-id fqdn "client.production.*.com" share-limit 2 set user "vpnclient_ph1id" type ike set user "vpnclient_ph1id" "enable" set user-group "vpnclient_group" id 1 set user-group "vpnclient_group" user "vpnclient_ph1id" set ike gateway "vpnclient_gateway" dialup "vpnclient_group" Aggr local-id "vpngw.production.*.com" outgoing-interface "ethernet0/0" preshare "ywVtpLtqNNqShlsEx3CBeXjIGGnCLRiUgg==" proposal "pre-g2-3des-sha" "pre-g2-3des-md5" "pre-g2-aes128-sha" "pre-g2-aes128-sha" set ike gateway "vpnclient_gateway" dpd-liveness interval 30 unset ike gateway "vpnclient_gateway" nat-traversal 
udp-checksum set ike gateway "vpnclient_gateway" nat-traversal keepalive-frequency 20 set ike gateway "vpnclient_gateway" xauth server "Local" unset ike gateway "vpnclient_gateway" xauth do-edipi-auth set ike respond-bad-spi 1 set ike ikev2 ike-sa-soft-lifetime 60 unset ike ikeid-enumeration unset ike dos-protection unset ipsec access-session enable set ipsec access-session maximum 5000 set ipsec access-session upper-threshold 0 set ipsec access-session lower-threshold 0 set ipsec access-session dead-p2-sa-timeout 0 unset ipsec access-session log-error unset ipsec access-session info-exch-connected unset ipsec access-session use-error-log set xauth default ippool "vpnclient" set xauth default dns1 10.1.2.1 set xauth default dns2 10.1.2.100 set xauth default wins1 10.1.2.1 set xauth default wins2 10.1.2.100 set vpn "vpnclient_tunnel" gateway "vpnclient_gateway" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha" "nopfs-esp- 3des-md5" "nopfs-esp-aes128-sha" "nopfs-esp-aes128-md5" set vrouter "untrust-vr" exit set vrouter "trust-vr" exit set url protocol websense exit set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log set policy id 1 exit set policy id 2 from "Untrust" to "Trust" "Any" "Any" "ANY" permit set policy id 2 exit set policy id 3 name "vpnclient_in" from "Untrust" to "Trust" "Dial-Up VPN" "10.1.2.0/24" "ANY" tunnel vpn "vpnclient_tunnel" id 0x1 log set policy id 3 exit set nsmgmt bulkcli reboot-timeout 60 set ssh version v2 set config lock timeout 5 unset license-key auto-update set wlan 0 channel auto set wlan 1 channel auto set ssid name LAB set ssid LAB authentication wpa2-psk passphrase GA2Hc/DBNI7juJsH9RCCjmWPGjniRtvyjw== encryption auto set ssid LAB interface wireless1 set snmp port listen 161 set snmp port trap 162 set vrouter "untrust-vr" exit set vrouter "trust-vr" unset add-default-route set route 0.0.0.0/0 interface ethernet0/0 gateway *.*.*.* set route 172.16.3.0/24 interface bgroup0 gateway 77.77.77.2 set route 
172.16.4.0/24 interface bgroup0 gateway 77.77.77.2 set route 10.5.1.0/24 interface bgroup0 gateway 77.77.77.2 set route 10.5.128.0/24 interface bgroup0 gateway 77.77.77.2 exit set vrouter "untrust-vr" exit set vrouter "trust-vr" exit Here is my Shrew Client Config; n:version:2 n:network-ike-port:500 n:network-mtu-size:1380 n:client-addr-auto:1 n:network-natt-port:4500 n:network-natt-rate:15 n:network-frag-size:540 n:network-dpd-enable:1 n:client-banner-enable:1 n:network-notify-enable:1 n:client-wins-used:1 n:client-wins-auto:1 n:client-dns-used:1 n:client-dns-auto:1 n:client-splitdns-used:1 n:client-splitdns-auto:1 n:phase1-dhgroup:2 n:phase1-life-secs:86400 n:phase1-life-kbytes:0 n:vendor-chkpt-enable:0 n:phase2-life-secs:3600 n:phase2-life-kbytes:0 n:policy-nailed:0 n:policy-list-auto:0 s:client-saved-username:Kevin s:network-host:*.*.*.* s:client-auto-mode:push s:client-iface:virtual s:network-natt-mode:enable s:network-frag-mode:enable s:auth-method:mutual-psk-xauth s:ident-client-type:fqdn s:ident-server-type:fqdn s:ident-client-data:client.production.*.com s:ident-server-data:vpngw.production.*.com b:auth-mutual-psk:bXlwcmVzaGFyZWRrZXk= s:phase1-exchange:aggressive s:phase1-cipher:auto s:phase1-hash:auto s:phase2-transform:auto s:phase2-hmac:auto s:ipcomp-transform:disabled n:phase2-pfsgroup:-1 s:policy-level:auto s:policy-list-include:10.1.2.0 / 255.255.255.0 Here is what my logs on the SSG say: 2012-05-30 11:27:36 info IKE 76.16.133.168 Phase 2 msg ID 9e4d2250: Completed negotiations with SPI 4a03bafe, tunnel ID 32778, and lifetime 3600 seconds/0 KB. 2012-05-30 11:27:36 info IKE 76.16.133.168 Phase 2 msg-id 9e4d2250: Completed for user client.production.*.com. 2012-05-30 11:27:36 info IKE 76.16.133.168 Phase 2 msg ID 9e4d2250: Responded to the peer's first message from user client.production.*.com. 
2012-05-30 11:27:32 info IKE 76.16.133.168: XAuth login was passed for gateway vpnclient_gateway, username Kevin, retry: 0, Client IP Addr 10.2.21.1, IPPool name: vpnclient, Session-Timeout: 0s, Idle-Timeout: 0s. 2012-05-30 11:27:32 info IKE 76.16.133.168: XAuth login was refreshed for username Kevin at 10.2.21.1/255.255.255.255. 2012-05-30 11:27:32 info Rejected an IKE packet on ethernet0/0 from 76.16.133.168:4500 to *.*.*.*:4500 with cookies 5f29476b4ec5629a and 603bfc28fcf13a2d because A Phase 2 packet arrived while XAuth was still pending. 2012-05-30 11:27:32 info IKE 76.16.133.168 Phase 1: Completed Aggressive mode negotiations with a 28800-second lifetime. 2012-05-30 11:27:32 info IKE 76.16.133.168 Phase 1: Completed for user client.production.*.com. 2012-05-30 11:27:32 info IKE<76.16.133.168> Phase 1: IKE responder has detected NAT in front of the remote device. 2012-05-30 11:27:32 info IKE<76.16.133.168> Phase 1: IKE responder has detected NAT in front of the local device. 2012-05-30 11:27:31 info IKE 76.16.133.168 Phase 1: Responder starts AGGRESSIVE mode negotiations. Here is what the Policy Log States: Date and Time: Source Address/Port: Dest Address/Port: Trans Srce/Port Service Duration Bytes sent Byte received Close Reason 2012-05-30 11:28:47 10.2.21.1:64052 10.1.2.1:53 *.*.*.*:2179 10.1.2.1:53 DNS 70 sec. 246 0 Close - AGE OUT 2012-05-30 11:28:46 10.2.21.1:53872 10.1.2.100:53 *.*.*.*:1593 10.1.2.100:53 DNS 62 sec. 164 0 Close - AGE OUT 2012-05-30 11:28:45 10.2.21.1:65484 10.1.2.1:53 *.*.*.*:1268 10.1.2.1:53 DNS 68 sec. 246 0 Close - AGE OUT 2012-05-30 11:28:45 10.2.21.1:50921 10.1.2.1:53 *.*.*.*:2788 10.1.2.1:53 DNS 68 sec. 246 0 Close - AGE OUT 2012-05-30 11:28:45 10.2.21.1:63518 10.1.2.100:53 *.*.*.*:2324 10.1.2.100:53 DNS 68 sec. 452 0 Close - AGE OUT 2012-05-30 11:28:45 10.2.21.1:58237 10.1.2.100:53 *.*.*.*:2447 10.1.2.100:53 DNS 68 sec. 
452 0 Close - AGE OUT I also have a debug that I did when authenticating with the client: 12/05/24 23:56:43 ## : IKE Daemon, ver 2.1.7 12/05/24 23:56:43 ## : Copyright 2010 Shrew Soft Inc. 12/05/24 23:56:43 ## : This product linked OpenSSL 0.9.8h 28 May 2008 12/05/24 23:56:43 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log' 12/05/24 23:56:43 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap' 12/05/24 23:56:43 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap' 12/05/24 23:56:43 ii : rebuilding vnet device list ... 12/05/24 23:56:43 ii : device ROOT\VNET\0000 disabled 12/05/24 23:56:43 ii : network process thread begin ... 12/05/24 23:56:43 ii : pfkey process thread begin ... 12/05/24 23:56:43 ii : ipc server process thread begin ... 12/05/24 23:56:57 ii : ipc client process thread begin ... 12/05/24 23:56:57 <A : peer config add message 12/05/24 23:56:57 DB : peer added ( obj count = 1 ) 12/05/24 23:56:57 ii : local address 192.168.1.146 selected for peer 12/05/24 23:56:57 DB : tunnel added ( obj count = 1 ) 12/05/24 23:56:57 <A : proposal config message 12/05/24 23:56:57 <A : proposal config message 12/05/24 23:56:57 <A : client config message 12/05/24 23:56:57 <A : xauth username message 12/05/24 23:56:57 <A : xauth password message 12/05/24 23:56:57 <A : local id 'client.production.*.com' message 12/05/24 23:56:57 <A : remote id 'vpngw.production.*.com' message 12/05/24 23:56:57 <A : preshared key message 12/05/24 23:56:57 <A : remote resource message 12/05/24 23:56:57 <A : peer tunnel enable message 12/05/24 23:56:58 DB : new phase1 ( ISAKMP initiator ) 12/05/24 23:56:58 DB : exchange type is aggressive 12/05/24 23:56:58 DB : 192.168.1.146:500 <-> *.*.*.*:500 12/05/24 23:56:58 DB : 5791401bca29a9a8:0000000000000000 12/05/24 23:56:58 DB : phase1 added ( obj count = 1 ) 12/05/24 23:56:58 >> : security association payload 12/05/24 23:56:58 >> : - proposal #1 payload 12/05/24 23:56:58 >> : -- 
transform #1 payload 12/05/24 23:56:58 >> : -- transform #2 payload 12/05/24 23:56:58 >> : -- transform #3 payload 12/05/24 23:56:58 >> : -- transform #4 payload 12/05/24 23:56:58 >> : -- transform #5 payload 12/05/24 23:56:58 >> : -- transform #6 payload 12/05/24 23:56:58 >> : -- transform #7 payload 12/05/24 23:56:58 >> : -- transform #8 payload 12/05/24 23:56:58 >> : -- transform #9 payload 12/05/24 23:56:58 >> : -- transform #10 payload 12/05/24 23:56:58 >> : -- transform #11 payload 12/05/24 23:56:58 >> : -- transform #12 payload 12/05/24 23:56:58 >> : -- transform #13 payload 12/05/24 23:56:58 >> : -- transform #14 payload 12/05/24 23:56:58 >> : -- transform #15 payload 12/05/24 23:56:58 >> : -- transform #16 payload 12/05/24 23:56:58 >> : -- transform #17 payload 12/05/24 23:56:58 >> : -- transform #18 payload 12/05/24 23:56:58 >> : key exchange payload 12/05/24 23:56:58 >> : nonce payload 12/05/24 23:56:58 >> : identification payload 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports XAUTH 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports nat-t ( draft v00 ) 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports nat-t ( draft v01 ) 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports nat-t ( draft v02 ) 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports nat-t ( draft v03 ) 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports nat-t ( rfc ) 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports FRAGMENTATION 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local supports DPDv1 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local is SHREW SOFT compatible 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local is NETSCREEN compatible 12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local is SIDEWINDER compatible 
12/05/24 23:56:58 >> : vendor id payload 12/05/24 23:56:58 ii : local is CISCO UNITY compatible 12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:0000000000000000 12/05/24 23:56:58 >= : message 00000000 12/05/24 23:56:58 -> : send IKE packet 192.168.1.146:500 -> *.*.*.*:500 ( 1202 bytes ) 12/05/24 23:56:58 DB : phase1 resend event scheduled ( ref count = 2 ) 12/05/24 23:56:58 <- : recv IKE packet *.*.*.*:500 -> 192.168.1.146:500 ( 457 bytes ) 12/05/24 23:56:58 DB : phase1 found 12/05/24 23:56:58 ii : processing phase1 packet ( 457 bytes ) 12/05/24 23:56:58 =< : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 =< : message 00000000 12/05/24 23:56:58 << : security association payload 12/05/24 23:56:58 << : - propsal #1 payload 12/05/24 23:56:58 << : -- transform #1 payload 12/05/24 23:56:58 ii : unmatched isakmp proposal/transform 12/05/24 23:56:58 ii : key length ( 128 != 256 ) 12/05/24 23:56:58 ii : unmatched isakmp proposal/transform 12/05/24 23:56:58 ii : key length ( 128 != 256 ) 12/05/24 23:56:58 ii : unmatched isakmp proposal/transform 12/05/24 23:56:58 ii : key length ( 128 != 192 ) 12/05/24 23:56:58 ii : unmatched isakmp proposal/transform 12/05/24 23:56:58 ii : key length ( 128 != 192 ) 12/05/24 23:56:58 ii : unmatched isakmp proposal/transform 12/05/24 23:56:58 ii : hash type ( hmac-sha != hmac-md5 ) 12/05/24 23:56:58 !! 
: peer violates RFC, transform number mismatch ( 1 != 6 ) 12/05/24 23:56:58 ii : matched isakmp proposal #1 transform #1 12/05/24 23:56:58 ii : - transform = ike 12/05/24 23:56:58 ii : - cipher type = aes 12/05/24 23:56:58 ii : - key length = 128 bits 12/05/24 23:56:58 ii : - hash type = sha1 12/05/24 23:56:58 ii : - dh group = modp-1024 12/05/24 23:56:58 ii : - auth type = xauth-initiator-psk 12/05/24 23:56:58 ii : - life seconds = 86400 12/05/24 23:56:58 ii : - life kbytes = 0 12/05/24 23:56:58 << : vendor id payload 12/05/24 23:56:58 ii : unknown vendor id ( 28 bytes ) 12/05/24 23:56:58 0x : 1ebd0c4b 9fc0adf0 36608456 da16a987 34c6fccd 00000013 0000060a 12/05/24 23:56:58 << : vendor id payload 12/05/24 23:56:58 ii : peer supports XAUTH 12/05/24 23:56:58 << : vendor id payload 12/05/24 23:56:58 ii : peer supports DPDv1 12/05/24 23:56:58 << : vendor id payload 12/05/24 23:56:58 ii : peer supports HEARTBEAT-NOTIFY 12/05/24 23:56:58 << : key exchange payload 12/05/24 23:56:58 << : nonce payload 12/05/24 23:56:58 << : identification payload 12/05/24 23:56:58 ii : phase1 id match 12/05/24 23:56:58 ii : received = fqdn vpngw.production.*.com 12/05/24 23:56:58 << : hash payload 12/05/24 23:56:58 << : vendor id payload 12/05/24 23:56:58 ii : peer supports nat-t ( draft v02 ) 12/05/24 23:56:58 << : nat discovery payload 12/05/24 23:56:58 << : nat discovery payload 12/05/24 23:56:58 ii : nat discovery - local address is translated 12/05/24 23:56:58 ii : switching to src nat-t udp port 4500 12/05/24 23:56:58 ii : switching to dst nat-t udp port 4500 12/05/24 23:56:58 == : DH shared secret ( 128 bytes ) 12/05/24 23:56:58 == : SETKEYID ( 20 bytes ) 12/05/24 23:56:58 == : SETKEYID_d ( 20 bytes ) 12/05/24 23:56:58 == : SETKEYID_a ( 20 bytes ) 12/05/24 23:56:58 == : SETKEYID_e ( 20 bytes ) 12/05/24 23:56:58 == : cipher key ( 16 bytes ) 12/05/24 23:56:58 == : cipher iv ( 16 bytes ) 12/05/24 23:56:58 == : phase1 hash_i ( computed ) ( 20 bytes ) 12/05/24 23:56:58 >> : hash payload 
12/05/24 23:56:58 >> : nat discovery payload 12/05/24 23:56:58 >> : nat discovery payload 12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 >= : message 00000000 12/05/24 23:56:58 >= : encrypt iv ( 16 bytes ) 12/05/24 23:56:58 == : encrypt packet ( 100 bytes ) 12/05/24 23:56:58 == : stored iv ( 16 bytes ) 12/05/24 23:56:58 DB : phase1 resend event canceled ( ref count = 1 ) 12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 140 bytes ) 12/05/24 23:56:58 == : phase1 hash_r ( computed ) ( 20 bytes ) 12/05/24 23:56:58 == : phase1 hash_r ( received ) ( 20 bytes ) 12/05/24 23:56:58 ii : phase1 sa established 12/05/24 23:56:58 ii : *.*.*.*:4500 <-> 192.168.1.146:4500 12/05/24 23:56:58 ii : 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 ii : sending peer INITIAL-CONTACT notification 12/05/24 23:56:58 ii : - 192.168.1.146:4500 -> *.*.*.*:4500 12/05/24 23:56:58 ii : - isakmp spi = 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 ii : - data size 0 12/05/24 23:56:58 >> : hash payload 12/05/24 23:56:58 >> : notification payload 12/05/24 23:56:58 == : new informational hash ( 20 bytes ) 12/05/24 23:56:58 == : new informational iv ( 16 bytes ) 12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 >= : message 4eb2a41a 12/05/24 23:56:58 >= : encrypt iv ( 16 bytes ) 12/05/24 23:56:58 == : encrypt packet ( 80 bytes ) 12/05/24 23:56:58 == : stored iv ( 16 bytes ) 12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 124 bytes ) 12/05/24 23:56:58 DB : phase2 not found 12/05/24 23:56:58 <- : recv NAT-T:IKE packet *.*.*.*:4500 -> 192.168.1.146:4500 ( 76 bytes ) 12/05/24 23:56:58 DB : phase1 found 12/05/24 23:56:58 ii : processing config packet ( 76 bytes ) 12/05/24 23:56:58 DB : config not found 12/05/24 23:56:58 DB : config added ( obj count = 1 ) 12/05/24 23:56:58 == : new config iv ( 16 bytes ) 12/05/24 23:56:58 =< : cookies 
5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 =< : message 32afb52c 12/05/24 23:56:58 =< : decrypt iv ( 16 bytes ) 12/05/24 23:56:58 == : decrypt packet ( 76 bytes ) 12/05/24 23:56:58 <= : trimmed packet padding ( 4 bytes ) 12/05/24 23:56:58 <= : stored iv ( 16 bytes ) 12/05/24 23:56:58 << : hash payload 12/05/24 23:56:58 << : attribute payload 12/05/24 23:56:58 == : configure hash_i ( computed ) ( 20 bytes ) 12/05/24 23:56:58 == : configure hash_c ( computed ) ( 20 bytes ) 12/05/24 23:56:58 ii : configure hash verified 12/05/24 23:56:58 ii : - xauth authentication type 12/05/24 23:56:58 ii : - xauth username 12/05/24 23:56:58 ii : - xauth password 12/05/24 23:56:58 ii : received basic xauth request - 12/05/24 23:56:58 ii : - standard xauth username 12/05/24 23:56:58 ii : - standard xauth password 12/05/24 23:56:58 ii : sending xauth response for Kevin 12/05/24 23:56:58 >> : hash payload 12/05/24 23:56:58 >> : attribute payload 12/05/24 23:56:58 == : new configure hash ( 20 bytes ) 12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 >= : message 32afb52c 12/05/24 23:56:58 >= : encrypt iv ( 16 bytes ) 12/05/24 23:56:58 == : encrypt packet ( 89 bytes ) 12/05/24 23:56:58 == : stored iv ( 16 bytes ) 12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 124 bytes ) 12/05/24 23:56:58 DB : config resend event scheduled ( ref count = 2 ) 12/05/24 23:56:58 <- : recv NAT-T:IKE packet *.*.*.*:4500 -> 192.168.1.146:4500 ( 124 bytes ) 12/05/24 23:56:58 DB : phase1 found 12/05/24 23:56:58 ii : processing config packet ( 124 bytes ) 12/05/24 23:56:58 DB : config found 12/05/24 23:56:58 == : new config iv ( 16 bytes ) 12/05/24 23:56:58 =< : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 =< : message 62380327 12/05/24 23:56:58 =< : decrypt iv ( 16 bytes ) 12/05/24 23:56:58 == : decrypt packet ( 124 bytes ) 12/05/24 23:56:58 <= : trimmed packet padding ( 16 bytes ) 12/05/24 23:56:58 <= : stored iv ( 16 
bytes ) 12/05/24 23:56:58 << : hash payload 12/05/24 23:56:58 << : attribute payload 12/05/24 23:56:58 == : configure hash_i ( computed ) ( 20 bytes ) 12/05/24 23:56:58 == : configure hash_c ( computed ) ( 20 bytes ) 12/05/24 23:56:58 ii : configure hash verified 12/05/24 23:56:58 ii : received config push request 12/05/24 23:56:58 ii : - IP4 Address = 10.2.21.1 12/05/24 23:56:58 ii : - IP4 Netmask = 255.255.255.255 12/05/24 23:56:58 ii : - IP4 DNS Server = 10.1.2.1 12/05/24 23:56:58 ii : - IP4 DNS Server = 10.1.2.100 12/05/24 23:56:58 ii : - IP4 WINS Server = 10.1.2.1 12/05/24 23:56:58 ii : - IP4 WINS Server = 10.1.2.100 12/05/24 23:56:58 ii : building config attribute list 12/05/24 23:56:58 ii : - IP4 Address 12/05/24 23:56:58 ii : - Address Expiry 12/05/24 23:56:58 ii : - IP4 Netamask 12/05/24 23:56:58 ii : - IP4 DNS Server 12/05/24 23:56:58 ii : - IP4 WINS Server 12/05/24 23:56:58 ii : sending config push acknowledge 12/05/24 23:56:58 >> : hash payload 12/05/24 23:56:58 >> : attribute payload 12/05/24 23:56:58 == : new configure hash ( 20 bytes ) 12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 >= : message 62380327 12/05/24 23:56:58 >= : encrypt iv ( 16 bytes ) 12/05/24 23:56:58 == : encrypt packet ( 80 bytes ) 12/05/24 23:56:58 == : stored iv ( 16 bytes ) 12/05/24 23:56:58 DB : config resend event canceled ( ref count = 1 ) 12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 124 bytes ) 12/05/24 23:56:58 DB : config resend event scheduled ( ref count = 2 ) 12/05/24 23:56:58 <- : recv NAT-T:IKE packet *.*.*.*:4500 -> 192.168.1.146:4500 ( 76 bytes ) 12/05/24 23:56:58 DB : phase1 found 12/05/24 23:56:58 ii : processing config packet ( 76 bytes ) 12/05/24 23:56:58 DB : config found 12/05/24 23:56:58 == : new config iv ( 16 bytes ) 12/05/24 23:56:58 =< : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 =< : message 7bb641a3 12/05/24 23:56:58 =< : decrypt iv ( 16 bytes ) 12/05/24 23:56:58 == 
: decrypt packet ( 76 bytes ) 12/05/24 23:56:58 <= : trimmed packet padding ( 12 bytes ) 12/05/24 23:56:58 <= : stored iv ( 16 bytes ) 12/05/24 23:56:58 << : hash payload 12/05/24 23:56:58 << : attribute payload 12/05/24 23:56:58 == : configure hash_i ( computed ) ( 20 bytes ) 12/05/24 23:56:58 == : configure hash_c ( computed ) ( 20 bytes ) 12/05/24 23:56:58 ii : configure hash verified 12/05/24 23:56:58 ii : received xauth result - 12/05/24 23:56:58 ii : user Kevin authentication succeeded 12/05/24 23:56:58 ii : sending xauth acknowledge 12/05/24 23:56:58 >> : hash payload 12/05/24 23:56:58 >> : attribute payload 12/05/24 23:56:58 == : new configure hash ( 20 bytes ) 12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:56:58 >= : message 7bb641a3 12/05/24 23:56:58 >= : encrypt iv ( 16 bytes ) 12/05/24 23:56:58 == : encrypt packet ( 60 bytes ) 12/05/24 23:56:58 == : stored iv ( 16 bytes ) 12/05/24 23:56:58 DB : config resend event canceled ( ref count = 1 ) 12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 92 bytes ) 12/05/24 23:56:58 DB : config resend event scheduled ( ref count = 2 ) 12/05/24 23:56:58 DB : config resend event canceled ( ref count = 1 ) 12/05/24 23:56:58 ii : enabled adapter ROOT\VNET\0000 12/05/24 23:56:58 ii : apapter ROOT\VNET\0000 MTU is 1500 12/05/24 23:56:58 ii : generating IPSEC security policies at UNIQUE level 12/05/24 23:56:58 ii : creating NONE INBOUND policy ANY:*.*.*.*:* -> ANY:192.168.1.146:* 12/05/24 23:56:58 DB : policy added ( obj count = 1 ) 12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 ii : creating NONE OUTBOUND policy ANY:192.168.1.146:* -> ANY:*.*.*.*:* 12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 DB : policy found 12/05/24 23:56:58 ii : created NONE policy route for *.*.*.*/32 12/05/24 23:56:58 DB : policy added ( obj count = 2 ) 12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 K< 
: recv pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 DB : policy found 12/05/24 23:56:58 ii : creating NONE INBOUND policy ANY:192.168.1.1:* -> ANY:10.2.21.1:* 12/05/24 23:56:58 DB : policy added ( obj count = 3 ) 12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 ii : creating NONE OUTBOUND policy ANY:10.2.21.1:* -> ANY:192.168.1.1:* 12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 DB : policy found 12/05/24 23:56:58 ii : created NONE policy route for 192.168.1.1/32 12/05/24 23:56:58 DB : policy added ( obj count = 4 ) 12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 ii : creating IPSEC INBOUND policy ANY:10.1.2.0/24:* -> ANY:10.2.21.1:* 12/05/24 23:56:58 DB : policy added ( obj count = 5 ) 12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 ii : creating IPSEC OUTBOUND policy ANY:10.2.21.1:* -> ANY:10.1.2.0/24:* 12/05/24 23:56:58 DB : policy found 12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 DB : policy found 12/05/24 23:56:58 ii : created IPSEC policy route for 10.1.2.0/24 12/05/24 23:56:58 DB : policy added ( obj count = 6 ) 12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 ii : split DNS bypassed ( no split domains defined ) 12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message 12/05/24 23:56:58 DB : policy found 12/05/24 23:57:01 K< : recv pfkey ACQUIRE UNSPEC message 12/05/24 23:57:01 DB : policy found 12/05/24 23:57:01 DB : policy found 12/05/24 23:57:01 DB : tunnel found 12/05/24 23:57:01 DB : new phase2 ( IPSEC initiator ) 12/05/24 23:57:01 DB : phase2 added ( obj count = 1 ) 12/05/24 23:57:01 K> : send pfkey GETSPI ESP message 12/05/24 23:57:01 K< : recv pfkey GETSPI ESP message 12/05/24 23:57:01 DB : phase2 found 12/05/24 23:57:01 ii : updated spi for 1 ipsec-esp proposal 12/05/24 23:57:01 DB : phase1 found 12/05/24 23:57:01 >> : 
hash payload 12/05/24 23:57:01 >> : security association payload 12/05/24 23:57:01 >> : - proposal #1 payload 12/05/24 23:57:01 >> : -- transform #1 payload 12/05/24 23:57:01 >> : -- transform #2 payload 12/05/24 23:57:01 >> : -- transform #3 payload 12/05/24 23:57:01 >> : -- transform #4 payload 12/05/24 23:57:01 >> : -- transform #5 payload 12/05/24 23:57:01 >> : -- transform #6 payload 12/05/24 23:57:01 >> : -- transform #7 payload 12/05/24 23:57:01 >> : -- transform #8 payload 12/05/24 23:57:01 >> : -- transform #9 payload 12/05/24 23:57:01 >> : -- transform #10 payload 12/05/24 23:57:01 >> : -- transform #11 payload 12/05/24 23:57:01 >> : -- transform #12 payload 12/05/24 23:57:01 >> : -- transform #13 payload 12/05/24 23:57:01 >> : -- transform #14 payload 12/05/24 23:57:01 >> : -- transform #15 payload 12/05/24 23:57:01 >> : -- transform #16 payload 12/05/24 23:57:01 >> : -- transform #17 payload 12/05/24 23:57:01 >> : -- transform #18 payload 12/05/24 23:57:01 >> : nonce payload 12/05/24 23:57:01 >> : identification payload 12/05/24 23:57:01 >> : identification payload 12/05/24 23:57:01 == : phase2 hash_i ( input ) ( 632 bytes ) 12/05/24 23:57:01 == : phase2 hash_i ( computed ) ( 20 bytes ) 12/05/24 23:57:01 == : new phase2 iv ( 16 bytes ) 12/05/24 23:57:01 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:57:01 >= : message 018a997c 12/05/24 23:57:01 >= : encrypt iv ( 16 bytes ) 12/05/24 23:57:01 == : encrypt packet ( 680 bytes ) 12/05/24 23:57:01 == : stored iv ( 16 bytes ) 12/05/24 23:57:01 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 716 bytes ) 12/05/24 23:57:01 DB : phase2 resend event scheduled ( ref count = 2 ) 12/05/24 23:57:01 <- : recv NAT-T:IKE packet *.*.*.*:4500 -> 192.168.1.146:4500 ( 172 bytes ) 12/05/24 23:57:01 DB : phase1 found 12/05/24 23:57:01 ii : processing phase2 packet ( 172 bytes ) 12/05/24 23:57:01 DB : phase2 found 12/05/24 23:57:01 =< : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:57:01 =< : 
message 018a997c 12/05/24 23:57:01 =< : decrypt iv ( 16 bytes ) 12/05/24 23:57:01 == : decrypt packet ( 172 bytes ) 12/05/24 23:57:01 <= : trimmed packet padding ( 12 bytes ) 12/05/24 23:57:01 <= : stored iv ( 16 bytes ) 12/05/24 23:57:01 << : hash payload 12/05/24 23:57:01 << : security association payload 12/05/24 23:57:01 << : - propsal #1 payload 12/05/24 23:57:01 << : -- transform #1 payload 12/05/24 23:57:01 << : nonce payload 12/05/24 23:57:01 << : identification payload 12/05/24 23:57:01 << : identification payload 12/05/24 23:57:01 == : phase2 hash_r ( input ) ( 132 bytes ) 12/05/24 23:57:01 == : phase2 hash_r ( computed ) ( 20 bytes ) 12/05/24 23:57:01 == : phase2 hash_r ( received ) ( 20 bytes ) 12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform 12/05/24 23:57:01 ii : key length ( 128 != 256 ) 12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform 12/05/24 23:57:01 ii : key length ( 128 != 256 ) 12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform 12/05/24 23:57:01 ii : key length ( 128 != 192 ) 12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform 12/05/24 23:57:01 ii : key length ( 128 != 192 ) 12/05/24 23:57:01 !! 
: peer violates RFC, transform number mismatch ( 1 != 5 ) 12/05/24 23:57:01 ii : matched ipsec-esp proposal #1 transform #5 12/05/24 23:57:01 ii : - transform = esp-aes 12/05/24 23:57:01 ii : - key length = 128 bits 12/05/24 23:57:01 ii : - encap mode = udp-tunnel ( draft ) 12/05/24 23:57:01 ii : - msg auth = hmac-md5 12/05/24 23:57:01 ii : - pfs dh group = none 12/05/24 23:57:01 ii : - life seconds = 3600 12/05/24 23:57:01 ii : - life kbytes = 0 12/05/24 23:57:01 DB : policy found 12/05/24 23:57:01 K> : send pfkey GETSPI ESP message 12/05/24 23:57:01 ii : phase2 ids accepted 12/05/24 23:57:01 ii : - loc ANY:10.2.21.1:* -> ANY:10.1.2.0/24:* 12/05/24 23:57:01 ii : - rmt ANY:10.1.2.0/24:* -> ANY:10.2.21.1:* 12/05/24 23:57:01 K< : recv pfkey GETSPI ESP message 12/05/24 23:57:01 DB : phase2 found 12/05/24 23:57:01 ii : phase2 sa established 12/05/24 23:57:01 ii : 192.168.1.146:4500 <-> *.*.*.*:4500 12/05/24 23:57:01 == : phase2 hash_p ( input ) ( 45 bytes ) 12/05/24 23:57:01 == : phase2 hash_p ( computed ) ( 20 bytes ) 12/05/24 23:57:01 >> : hash payload 12/05/24 23:57:01 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:57:01 >= : message 018a997c 12/05/24 23:57:01 >= : encrypt iv ( 16 bytes ) 12/05/24 23:57:01 == : encrypt packet ( 52 bytes ) 12/05/24 23:57:01 == : stored iv ( 16 bytes ) 12/05/24 23:57:01 DB : phase2 resend event canceled ( ref count = 1 ) 12/05/24 23:57:01 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 92 bytes ) 12/05/24 23:57:01 == : spi cipher key data ( 16 bytes ) 12/05/24 23:57:01 == : spi hmac key data ( 16 bytes ) 12/05/24 23:57:01 K> : send pfkey UPDATE ESP message 12/05/24 23:57:01 K< : recv pfkey UPDATE ESP message 12/05/24 23:57:01 == : spi cipher key data ( 16 bytes ) 12/05/24 23:57:01 == : spi hmac key data ( 16 bytes ) 12/05/24 23:57:01 K> : send pfkey UPDATE ESP message 12/05/24 23:57:01 K< : recv pfkey UPDATE ESP message 12/05/24 23:57:12 <A : peer tunnel disable message 12/05/24 23:57:12 DB : policy found 
12/05/24 23:57:12 ii : removing IPSEC INBOUND policy ANY:10.1.2.0/24:* -> ANY:10.2.21.1:* 12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 ii : removing IPSEC OUTBOUND policy ANY:10.2.21.1:* -> ANY:10.1.2.0/24:* 12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 ii : removed IPSEC policy route for ANY:10.1.2.0/24:* 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 ii : removing NONE INBOUND policy ANY:*.*.*.*:* -> ANY:192.168.1.146:* 12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 ii : removing NONE OUTBOUND policy ANY:192.168.1.146:* -> ANY:*.*.*.*:* 12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 ii : removed NONE policy route for ANY:*.*.*.*:* 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 ii : removing NONE INBOUND policy ANY:192.168.1.1:* -> ANY:10.2.21.1:* 12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 ii : removing NONE OUTBOUND policy ANY:10.2.21.1:* -> ANY:192.168.1.1:* 12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 ii : removed NONE policy route for ANY:192.168.1.1:* 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 DB : policy deleted ( obj count = 5 ) 12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 DB : policy deleted ( obj count = 4 ) 12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 DB : policy deleted ( obj count = 3 ) 12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 DB : policy deleted ( obj count = 2 ) 12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB 
: policy found 12/05/24 23:57:12 DB : policy deleted ( obj count = 1 ) 12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message 12/05/24 23:57:12 DB : policy found 12/05/24 23:57:12 DB : policy deleted ( obj count = 0 ) 12/05/24 23:57:12 ii : disable adapter ROOT\VNET\0000 12/05/24 23:57:12 DB : tunnel dpd event canceled ( ref count = 6 ) 12/05/24 23:57:12 DB : tunnel natt event canceled ( ref count = 5 ) 12/05/24 23:57:12 DB : tunnel stats event canceled ( ref count = 4 ) 12/05/24 23:57:12 DB : removing tunnel config references 12/05/24 23:57:12 DB : config deleted ( obj count = 0 ) 12/05/24 23:57:12 DB : removing tunnel phase2 references 12/05/24 23:57:12 DB : phase2 soft event canceled ( ref count = 2 ) 12/05/24 23:57:12 DB : phase2 hard event canceled ( ref count = 1 ) 12/05/24 23:57:12 DB : phase1 found 12/05/24 23:57:12 ii : sending peer DELETE message 12/05/24 23:57:12 ii : - 192.168.1.146:4500 -> *.*.*.*:4500 12/05/24 23:57:12 ii : - ipsec-esp spi = 0xcb66c637 12/05/24 23:57:12 ii : - data size 0 12/05/24 23:57:12 >> : hash payload 12/05/24 23:57:12 >> : delete payload 12/05/24 23:57:12 == : new informational hash ( 20 bytes ) 12/05/24 23:57:12 == : new informational iv ( 16 bytes ) 12/05/24 23:57:12 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:57:12 >= : message dd8b56d7 12/05/24 23:57:12 >= : encrypt iv ( 16 bytes ) 12/05/24 23:57:12 == : encrypt packet ( 68 bytes ) 12/05/24 23:57:12 == : stored iv ( 16 bytes ) 12/05/24 23:57:12 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 108 bytes ) 12/05/24 23:57:12 K> : send pfkey DELETE ESP message 12/05/24 23:57:12 K> : send pfkey DELETE ESP message 12/05/24 23:57:12 ii : phase2 removal before expire time 12/05/24 23:57:12 DB : phase2 deleted ( obj count = 0 ) 12/05/24 23:57:12 DB : removing tunnel phase1 references 12/05/24 23:57:12 DB : phase1 soft event canceled ( ref count = 3 ) 12/05/24 23:57:12 DB : phase1 hard event canceled ( ref count = 2 ) 12/05/24 23:57:12 DB : phase1 
dead event canceled ( ref count = 1 ) 12/05/24 23:57:12 ii : sending peer DELETE message 12/05/24 23:57:12 ii : - 192.168.1.146:4500 -> *.*.*.*:4500 12/05/24 23:57:12 ii : - isakmp spi = 5791401bca29a9a8:879667a27f584432 12/05/24 23:57:12 ii : - data size 0 12/05/24 23:57:12 >> : hash payload 12/05/24 23:57:12 >> : delete payload 12/05/24 23:57:12 == : new informational hash ( 20 bytes ) 12/05/24 23:57:12 == : new informational iv ( 16 bytes ) 12/05/24 23:57:12 >= : cookies 5791401bca29a9a8:879667a27f584432 12/05/24 23:57:12 >= : message 6dbea7fa 12/05/24 23:57:12 >= : encrypt iv ( 16 bytes ) 12/05/24 23:57:12 == : encrypt packet ( 80 bytes ) 12/05/24 23:57:12 == : stored iv ( 16 bytes ) 12/05/24 23:57:12 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 124 bytes ) 12/05/24 23:57:12 ii : phase1 removal before expire time 12/05/24 23:57:12 DB : phase1 deleted ( obj count = 0 ) 12/05/24 23:57:12 DB : tunnel deleted ( obj count = 0 ) 12/05/24 23:57:12 DB : removing all peer tunnel refrences 12/05/24 23:57:12 DB : peer deleted ( obj count = 0 ) 12/05/24 23:57:12 ii : ipc client process thread exit ... 12/05/24 23:57:12 K< : recv pfkey DELETE ESP message 12/05/24 23:57:12 K< : recv pfkey DELETE ESP message 12/05/24 23:57:16 ii : halt signal received, shutting down 12/05/24 23:57:16 ii : pfkey process thread exit ... 12/05/24 23:57:16 ii : ipc server process thread exit ... Any help would be greatly appreciated! Kevin