Globalprotect IPSec crypto

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Globalprotect IPSec crypto

L4 Transporter

A couple of questions 

1. Is the IPSec crypto for global protect completely separate for the IPSec crypto option that you find lower down in the list on the firewall?

2. Is the Globalprotect IPSec crypto still used when x-auth is turned on?

2 REPLIES 2

L3 Networker

Hi Mate, 

 

someone may correct me, but looking at the logs.. 

 

1. yes different things altogether.. ones for the gp ones for site to sites.

2. yes. Even though they are two different connection methods they end up negotiating and establishing tunnels based on the crypto settings in the gp profile. 

 

 

 

 

Screen Shot 2017-11-21 at 01.04.26.png

 

tail end of the xauth auth, ends up with same crypto, 

 

 

 

 

 

Screen Shot 2017-11-21 at 01.09.02.png

 

xauth connecting below.. 

 

2017-11-21 00:02:46.171 +0000  [INFO]: {1000001:     }: GP gateway gwGP-N domain  user robert (e35a0e6d71847f22394aafbce8751a44) from 10.10.20.102 login rtn 1 lifetime 3600
2017-11-21 00:02:46.172 +0000  [DEBG]: {1000001:     }: sending command to sw.rasmgr.sslvpn.client_config:
<request><gp-ike>
	<client-config>
		<portal>gwGP-N</portal>
		<protocol-version>IKE</protocol-version>
		<app-version>Cisco Systems VPN Client</app-version>
		<client-os-version>iPhone OS:11.1.2</client-os-version>
		<client-type>4</client-type>
		<user>robert</user>
		<authcookie>e35a0e6d71847f22394aafbce8751a44</authcookie>
	</client-config>
</gp-ike></request>
2017-11-21 00:02:46.178 +0000  [DEBG]: {1000001:     }: response:

	<response status="success">
		<need-tunnel>yes</need-tunnel>
		<ssl-tunnel-url>/ssl-tunnel-connect.sslvpn</ssl-tunnel-url>
		<portal>gwGP-N</portal>
		<user>robert</user>
		<lifetime>2592000</lifetime>
		<timeout>10800</timeout>
		<disconnect-on-idle>10800</disconnect-on-idle>
		<bw-c2s>1000</bw-c2s>
		<bw-s2c>1000</bw-s2c>
		<gw-address>10.10.24.1</gw-address>
		<ip-address>10.10.30.124</ip-address>
		<netmask>255.255.255.255</netmask>
		<dns>
			<member>10.10.30.1</member>
		</dns> 
		<wins>
		</wins> 
		<dns-suffix>
		</dns-suffix> 
		<default-gateway>10.10.30.124</default-gateway>
		<mtu>0</mtu>
		<no-direct-access-to-local-network>no</no-direct-access-to-local-network>
		<access-routes>
			<member>0.0.0.0/0</member>
		</access-routes> 
		<exclude-access-routes>
		</exclude-access-routes> 
	</response>

2017-11-21 00:02:46.178 +0000  [DEBG]: {1000001:     }: Attribute INTERNAL_IP4_ADDRESS, len 0
2017-11-21 00:02:46.178 +0000  [DEBG]: {1000001:     }: Attribute INTERNAL_IP4_NETMASK, len 0
2017-11-21 00:02:46.178 +0000  [DEBG]: {1000001:     }: Attribute INTERNAL_IP4_DNS, len 0
2017-11-21 00:02:46.178 +0000  [DEBG]: {1000001:     }: Attribute INTERNAL_IP4_NBNS, len 0
2017-11-21 00:02:46.178 +0000  [DEBG]: {1000001:     }: Attribute INTERNAL_ADDRESS_EXPIRY, len 0
2017-11-21 00:02:46.178 +0000  [PWRN]: {1000001:     }: Ignored attribute INTERNAL_ADDRESS_EXPIRY
2017-11-21 00:02:46.178 +0000  [DEBG]: {1000001:     }: Attribute APPLICATION_VERSION, len 41
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_BANNER, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_DEF_DOMAIN, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_SPLITDNS_NAME, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_SPLIT_INCLUDE, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_LOCAL_LAN, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_PFS, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_SAVE_PASSWD, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_FW_TYPE, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Ignored attribute 28680
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_BACKUP_SERVERS, len 0
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Ignored attribute 28681
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Attribute UNITY_BROWSER_PROXY, len 0
2017-11-21 00:02:46.184 +0000  [PWRN]: {1000001:     }: Ignored attribute UNITY_BROWSER_PROXY
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: Sending MODE_CFG REPLY
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: HASH with:
2017-11-21 00:02:46.184 +0000  [DUMP]: 
9c0b18a7 00000042 02007b4e 00010004 0a0a1e7c 00020004 ffffffff 00030004
0a0a1e01 0007000c 50414e4f 5320382e 302e3600 70020001 00700300 0100f007
0000f001 0001
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: HASH computed:
2017-11-21 00:02:46.184 +0000  [DUMP]: 
67fb16c7 848ce6e0 8d881049 62d59001 4ea8261a bace29cd 02198679 c2827cf9
2017-11-21 00:02:46.184 +0000  [DEBG]: {1000001:     }: MODE_CFG packet to send
2017-11-21 00:02:46.185 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08100601 9c0b18a7 00000082 0e000024
67fb16c7 848ce6e0 8d881049 62d59001 4ea8261a bace29cd 02198679 c2827cf9
00000042 02007b4e 00010004 0a0a1e7c 00020004 ffffffff 00030004 0a0a1e01
0007000c 50414e4f 5320382e 302e3600 70020001 00700300 0100f007 0000f001
0001
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: begin encryption.
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: pad length = 10
2017-11-21 00:02:46.185 +0000  [DUMP]: 
0e000024 67fb16c7 848ce6e0 8d881049 62d59001 4ea8261a bace29cd 02198679
c2827cf9 00000042 02007b4e 00010004 0a0a1e7c 00020004 ffffffff 00030004
0a0a1e01 0007000c 50414e4f 5320382e 302e3600 70020001 00700300 0100f007
0000f001 00016051 70389164 418fee0a
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: with key:
2017-11-21 00:02:46.185 +0000  [DUMP]: 
543cccd5 9075082b 1ce7154a b097db71 90265b2e 50b3b942 ccef9915 774d713c
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: encrypted payload by IV:
2017-11-21 00:02:46.185 +0000  [DUMP]: 
029e9573 b2faa51b da217b95 cb294d56
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: save IV for next:
2017-11-21 00:02:46.185 +0000  [DUMP]: 
0a712906 a5ecfd7f 50ee98e3 4deb62f2
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: encrypted.
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: 140 bytes from 10.10.24.1[500] to 10.10.20.102[500]
2017-11-21 00:02:46.185 +0000  [DEBG]: 10.10.24.1[500] - 10.10.20.102[500]:(nil) 1 times of 140 bytes message will be sent over socket 1024
2017-11-21 00:02:46.185 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08100601 9c0b18a7 0000008c 463a70d7
a94c56f3 299659fa 0bf8d264 f8305d18 0b2f967c da909f8f 02597871 e637f64b
e47741f1 11161d56 fd5f356f bd7f8ecd 8d13b64e 22e98212 ffe8a760 204bb82d
f45f69f1 374dcc8b 58a2f57c 28ccf90d b87b82ee 242948bd a41adcfb 0a712906
a5ecfd7f 50ee98e3 4deb62f2
2017-11-21 00:02:46.185 +0000  [DEBG]: {1000001:     }: sendto mode config attr.
2017-11-21 00:02:46.186 +0000  [INFO]: disconnect user 3de1921f4221df0a329ac77d400d27a5
2017-11-21 00:02:46.186 +0000  [DEBG]: {     :    1}: Deleting a Ph2... status 9
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: compute IV for phase2
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: phase1 last IV:
2017-11-21 00:02:46.186 +0000  [DUMP]: 
aef80e89 e8afa82f fa697c21 539ec9a6 65239de7
2017-11-21 00:02:46.186 +0000  [DEBG]: hash(sha256)
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: phase2 IV computed:
2017-11-21 00:02:46.186 +0000  [DUMP]: 
9aab1f2b 746d1600 bc0db927 3f1872d2
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: HASH with:
2017-11-21 00:02:46.186 +0000  [DUMP]: 
65239de7 00000010 00000001 03040001 9a5beaf1
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: HASH computed:
2017-11-21 00:02:46.186 +0000  [DUMP]: 
dbfd8088 56f13bff 955052c3 3cf989ee 1bb921ef 94dac02f dae75331 4a961824
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: begin encryption.
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.186 +0000  [DEBG]: {1000001:     }: pad length = 12
2017-11-21 00:02:46.187 +0000  [DUMP]: 
0c000024 dbfd8088 56f13bff 955052c3 3cf989ee 1bb921ef 94dac02f dae75331
4a961824 00000010 00000001 03040001 9a5beaf1 fcd8c41a 59ba2f37 2bc9d00c
2017-11-21 00:02:46.187 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.187 +0000  [DEBG]: {1000001:     }: with key:
2017-11-21 00:02:46.187 +0000  [DUMP]: 
543cccd5 9075082b 1ce7154a b097db71 90265b2e 50b3b942 ccef9915 774d713c
2017-11-21 00:02:46.187 +0000  [DEBG]: {1000001:     }: encrypted payload by IV:
2017-11-21 00:02:46.187 +0000  [DUMP]: 
9aab1f2b 746d1600 bc0db927 3f1872d2
2017-11-21 00:02:46.187 +0000  [DEBG]: {1000001:     }: save IV for next:
2017-11-21 00:02:46.187 +0000  [DUMP]: 
963049c1 6ac1343f 948d2ba4 84f412e0
2017-11-21 00:02:46.187 +0000  [DEBG]: {1000001:     }: encrypted.
2017-11-21 00:02:46.187 +0000  [DEBG]: {1000001:     }: 92 bytes from 10.10.24.1[500] to 10.10.20.102[500]
2017-11-21 00:02:46.187 +0000  [DEBG]: 10.10.24.1[500] - 10.10.20.102[500]:(nil) 1 times of 92 bytes message will be sent over socket 1024
2017-11-21 00:02:46.187 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08100501 65239de7 0000005c 4439031e
97a40663 d527a407 36368038 04c2dbe6 b43e8425 81b77b00 86b13c2c f2dc4eba
014a0e82 b82cde10 6f43b469 963049c1 6ac1343f 948d2ba4 84f412e0
2017-11-21 00:02:46.187 +0000  [DEBG]: {1000001:     }: sendto Information delete.
2017-11-21 00:02:46.188 +0000  [DEBG]: IV freed
2017-11-21 00:02:46.189 +0000  [DUMP]: {     :    1}: proto 3 spi 0x9a5beaf1
2017-11-21 00:02:46.189 +0000  [PNTF]: {     :    1}: ====> IPSEC KEY DELETED <====
                                                      ====> Deleted SA: 10.10.24.1[500]-10.10.20.102[500] SPI:0x9A5BEAF1/0x09B5AE88 <====
2017-11-21 00:02:46.190 +0000  [INFO]: {1684353:    1}: SADB_DELETE proto=0 src=10.10.24.1[500] dst=10.10.20.102[500] ESP spi=0x9A5BEAF1
2017-11-21 00:02:46.192 +0000  [DEBG]: IV freed
2017-11-21 00:02:46.215 +0000  [DEBG]: processing isakmp packet
2017-11-21 00:02:46.215 +0000  [DEBG]: ===
2017-11-21 00:02:46.215 +0000  [DEBG]: 300 bytes message received from 10.10.20.102[500]
2017-11-21 00:02:46.215 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08102001 ce87ce19 0000012c 57024d36
9ec5e4d2 bd057efa ff35197d d6816e58 fc5f2e3d e2ba72f1 57a8e910 8c80aa51
3db9eac3 722fcaad 60871c9b cd10c7de ff252e05 d9823bc4 728ba9a5 8074ee5c
1fbd0de1 47ff4f2f 4526d541 18f3fe6f ca907f1a f2f81118 ea7df3df 30c90457
b6b735dd 08adebcd 4711e34a a7047f1c 20c51536 82d35ba9 59d17a18 cfff66a6
2f676621 c2411009 f6fe5bfd db5bbe0d 95861a1d 53bae714 7fcf491e 7834f120
3ffe2cf4 53fbb54a 38bc9e67 d2ca6dd6 e82d38b9 b7f05040 b065b1a3 2254181e
466102ff 054bd23a 7f516421 333964dd c2dc8830 1230809b 0a689d60 e6f2e001
11d0c3f7 4c7ef2fd c88e7312 2158817b e258dea2 028b4c53 ea8ae976 cb071bef
51f820c7 4fcc473b 538a4459
2017-11-21 00:02:46.215 +0000  [DEBG]: chk packet 3b4c30e7:20 size   300, rcp 2, NF rc 0
2017-11-21 00:02:46.215 +0000  [DEBG]: {1000001:     }: compute IV for phase2
2017-11-21 00:02:46.216 +0000  [DEBG]: {1000001:     }: phase1 last IV:
2017-11-21 00:02:46.216 +0000  [DUMP]: 
aef80e89 e8afa82f fa697c21 539ec9a6 ce87ce19
2017-11-21 00:02:46.216 +0000  [DEBG]: hash(sha256)
2017-11-21 00:02:46.216 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.216 +0000  [DEBG]: {1000001:     }: phase2 IV computed:
2017-11-21 00:02:46.216 +0000  [DUMP]: 
217e0ba1 0d3374ec 053ab2cf 4d443ebe
2017-11-21 00:02:46.216 +0000  [PNTF]: {1000001:     }: ====> PHASE-2 NEGOTIATION STARTED AS RESPONDER, (QUICK MODE) <====
                                                      ====> Initiated SA: 10.10.24.1[500]-10.10.20.102[500] message id:0xCE87CE19 <====
2017-11-21 00:02:46.217 +0000  [DEBG]: {1000001:     }: begin decryption.
2017-11-21 00:02:46.217 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.217 +0000  [DEBG]: {1000001:     }: IV was saved for next processing:
2017-11-21 00:02:46.217 +0000  [DUMP]: 
cb071bef 51f820c7 4fcc473b 538a4459
2017-11-21 00:02:46.217 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.217 +0000  [DEBG]: {1000001:     }: with key:
2017-11-21 00:02:46.217 +0000  [DUMP]: 
543cccd5 9075082b 1ce7154a b097db71 90265b2e 50b3b942 ccef9915 774d713c
2017-11-21 00:02:46.217 +0000  [DEBG]: {1000001:     }: decrypted payload by IV:
2017-11-21 00:02:46.217 +0000  [DUMP]: 
217e0ba1 0d3374ec 053ab2cf 4d443ebe
2017-11-21 00:02:46.217 +0000  [DEBG]: {1000001:     }: decrypted payload, but not trimed.
2017-11-21 00:02:46.218 +0000  [DUMP]: 
01000024 7981bc4b 75f4a9f2 e804f3e9 5e1df1a0 ceaeab8c b2f6ccca 462489bb
26455f24 0a0000b8 00000001 00000001 000000ac 01030406 066f0787 0300001c
010c0000 80010001 80020e10 80040001 80060100 80050002 0300001c 020c0000
80010001 80020e10 80040001 80060100 80050001 0300001c 030c0000 80010001
80020e10 80040001 80060080 80050002 0300001c 040c0000 80010001 80020e10
80040001 80060080 80050001 03000018 05030000 80010001 80020e10 80040001
80050002 00000018 06030000 80010001 80020e10 80040001 80050001 05000014
f1f5ff8a 93f0d284 188b4f4e dd15e61c 0500000c 01000000 0a0a1e7c 00000010
04000000 00000000 00000000 00000004
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: padding len=4
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: decrypted.
2017-11-21 00:02:46.218 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08102001 ce87ce19 0000012c 01000024
7981bc4b 75f4a9f2 e804f3e9 5e1df1a0 ceaeab8c b2f6ccca 462489bb 26455f24
0a0000b8 00000001 00000001 000000ac 01030406 066f0787 0300001c 010c0000
80010001 80020e10 80040001 80060100 80050002 0300001c 020c0000 80010001
80020e10 80040001 80060100 80050001 0300001c 030c0000 80010001 80020e10
80040001 80060080 80050002 0300001c 040c0000 80010001 80020e10 80040001
80060080 80050001 03000018 05030000 80010001 80020e10 80040001 80050002
00000018 06030000 80010001 80020e10 80040001 80050001 05000014 f1f5ff8a
93f0d284 188b4f4e dd15e61c 0500000c 01000000 0a0a1e7c 00000010 04000000
00000000 00000000 00000004
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: begin.
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: seen nptype=8(hash)
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: seen nptype=1(sa)
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: seen nptype=10(nonce)
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: seen nptype=5(id)
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: seen nptype=5(id)
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: succeed.
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: received IDci2:
2017-11-21 00:02:46.218 +0000  [DUMP]: 
01000000 0a0a1e7c
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: received IDcr2:
2017-11-21 00:02:46.218 +0000  [DUMP]: 
04000000 00000000 00000000
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: HASH(1) validate:
2017-11-21 00:02:46.218 +0000  [DUMP]: 
7981bc4b 75f4a9f2 e804f3e9 5e1df1a0 ceaeab8c b2f6ccca 462489bb 26455f24
2017-11-21 00:02:46.218 +0000  [DEBG]: {1000001:     }: HASH with:
2017-11-21 00:02:46.219 +0000  [DUMP]: 
ce87ce19 0a0000b8 00000001 00000001 000000ac 01030406 066f0787 0300001c
010c0000 80010001 80020e10 80040001 80060100 80050002 0300001c 020c0000
80010001 80020e10 80040001 80060100 80050001 0300001c 030c0000 80010001
80020e10 80040001 80060080 80050002 0300001c 040c0000 80010001 80020e10
80040001 80060080 80050001 03000018 05030000 80010001 80020e10 80040001
80050002 00000018 06030000 80010001 80020e10 80040001 80050001 05000014
f1f5ff8a 93f0d284 188b4f4e dd15e61c 0500000c 01000000 0a0a1e7c 00000010
04000000 00000000 00000000
2017-11-21 00:02:46.219 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.219 +0000  [DEBG]: {1000001:     }: HASH computed:
2017-11-21 00:02:46.219 +0000  [DUMP]: 
7981bc4b 75f4a9f2 e804f3e9 5e1df1a0 ceaeab8c b2f6ccca 462489bb 26455f24
2017-11-21 00:02:46.219 +0000  [DEBG]: encryption(3des)
2017-11-21 00:02:46.219 +0000  [DEBG]: encryption(3des)
2017-11-21 00:02:46.219 +0000  [DEBG]: encryption(3des)
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: total SA len=180
2017-11-21 00:02:46.219 +0000  [DUMP]: 
00000001 00000001 000000ac 01030406 066f0787 0300001c 010c0000 80010001
80020e10 80040001 80060100 80050002 0300001c 020c0000 80010001 80020e10
80040001 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040001
80060080 80050002 0300001c 040c0000 80010001 80020e10 80040001 80060080
80050001 03000018 05030000 80010001 80020e10 80040001 80050002 00000018
06030000 80010001 80020e10 80040001 80050001
2017-11-21 00:02:46.219 +0000  [DEBG]: begin.
2017-11-21 00:02:46.219 +0000  [DEBG]: seen nptype=2(prop)
2017-11-21 00:02:46.219 +0000  [DEBG]: succeed.
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: proposal #1 len=172
2017-11-21 00:02:46.219 +0000  [DEBG]: begin.
2017-11-21 00:02:46.219 +0000  [DEBG]: seen nptype=3(trns)
2017-11-21 00:02:46.219 +0000  [DEBG]: seen nptype=3(trns)
2017-11-21 00:02:46.219 +0000  [DEBG]: seen nptype=3(trns)
2017-11-21 00:02:46.219 +0000  [DEBG]: seen nptype=3(trns)
2017-11-21 00:02:46.219 +0000  [DEBG]: seen nptype=3(trns)
2017-11-21 00:02:46.219 +0000  [DEBG]: seen nptype=3(trns)
2017-11-21 00:02:46.219 +0000  [DEBG]: succeed.
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: transform #1 len=28
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: life duration was in TLV.
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=256
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: transform #2 len=28
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: life duration was in TLV.
2017-11-21 00:02:46.219 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=256
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: transform #3 len=28
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: life duration was in TLV.
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=128
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: transform #4 len=28
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: life duration was in TLV.
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=128
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: transform #5 len=24
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: life duration was in TLV.
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: transform #6 len=24
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: life duration was in TLV.
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: pair 1:
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:  0xffdc000ba0: next=(nil) tnext=0xffdc003cd0
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:   0xffdc003cd0: next=(nil) tnext=0xffdc003d00
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:    0xffdc003d00: next=(nil) tnext=0xffdc003df0
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:     0xffdc003df0: next=(nil) tnext=0xffdc003e20
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:      0xffdc003e20: next=(nil) tnext=0xffdc003e50
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:       0xffdc003e50: next=(nil) tnext=(nil)
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: proposal #1: 6 transform
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: begin compare proposals.
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: pair[1]: 0xffdc000ba0
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:  0xffdc000ba0: next=(nil) tnext=0xffdc003cd0
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:   0xffdc003cd0: next=(nil) tnext=0xffdc003d00
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:    0xffdc003d00: next=(nil) tnext=0xffdc003df0
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:     0xffdc003df0: next=(nil) tnext=0xffdc003e20
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:      0xffdc003e20: next=(nil) tnext=0xffdc003e50
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}:       0xffdc003e50: next=(nil) tnext=(nil)
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=1 trns-id=AES
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: lifetime 3600 seconds
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=256
2017-11-21 00:02:46.220 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=2 trns-id=AES
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: lifetime 3600 seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=256
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=3 trns-id=AES
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: lifetime 3600 seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=128
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=4 trns-id=AES
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: lifetime 3600 seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=128
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=5 trns-id=3DES
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: lifetime 3600 seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=6 trns-id=3DES
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: lifetime 3600 seconds
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: peer's single bundle:
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:  (proto_id=ESP spisize=4 spi=066f0787 spi_p=00000000 encmode=Tunnel reqid=0:0)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=256 authtype=hmac-sha)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=256 authtype=hmac-md5)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=128 authtype=hmac-sha)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=128 authtype=hmac-md5)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=0 authtype=hmac-sha)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}: my single bundle:
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=256 authtype=hmac-sha512)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=128 authtype=hmac-sha512)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=192 authtype=hmac-sha512)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=0 authtype=hmac-sha512)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=256 authtype=hmac-sha256)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=128 authtype=hmac-sha256)
2017-11-21 00:02:46.221 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=192 authtype=hmac-sha256)
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=0 authtype=hmac-sha256)
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=256 authtype=hmac-sha)
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}:   (trns_id=AES encklen=128 authtype=hmac-sha)
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=192 authtype=hmac-sha)
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}:   (trns_id=3DES encklen=0 authtype=hmac-sha)
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: authtype mismatched: my:hmac-sha512 peer:hmac-sha
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: authtype mismatched: my:hmac-sha512 peer:hmac-sha
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: trns_id mismatched: my:3DES peer:AES
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: trns_id mismatched: my:3DES peer:AES
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: authtype mismatched: my:hmac-sha256 peer:hmac-sha
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: authtype mismatched: my:hmac-sha256 peer:hmac-sha
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: trns_id mismatched: my:3DES peer:AES
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: trns_id mismatched: my:3DES peer:AES
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: matched
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: ===
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:    1}: pfkey getspi sent.
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: call pfkey_send_getspi
2017-11-21 00:02:46.222 +0000  [DUMP]: sadb_getspi: seq=2, satype=141
2017-11-21 00:02:46.222 +0000  [DUMP]: sadb_getspi_callback: seq=2, spi=0xA884ECD1, satype=141, sa_src=0.0.0.0[500], sa_dst=10.10.24.1[500]
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: pfkey GETSPI succeeded: ESP/Tunnel 10.10.20.102[500]->10.10.24.1[500] spi=2827283665(0xa884ecd1)
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: total SA len=48
2017-11-21 00:02:46.222 +0000  [DUMP]: 
00000001 00000001 00000028 01030401 00000000 0000001c 010c0000 80010001
80020e10 80040001 80060100 80050002
2017-11-21 00:02:46.222 +0000  [DEBG]: begin.
2017-11-21 00:02:46.222 +0000  [DEBG]: seen nptype=2(prop)
2017-11-21 00:02:46.222 +0000  [DEBG]: succeed.
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: proposal #1 len=40
2017-11-21 00:02:46.222 +0000  [DEBG]: begin.
2017-11-21 00:02:46.222 +0000  [DEBG]: seen nptype=3(trns)
2017-11-21 00:02:46.222 +0000  [DEBG]: succeed.
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: transform #1 len=28
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: type=SA Life Type, flag=0x8000, lorv=seconds
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: type=SA Life Duration, flag=0x8000, lorv=3600
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: life duration was in TLV.
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: type=Key Length, flag=0x8000, lorv=256
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: pair 1:
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}:  0xffdc000f10: next=(nil) tnext=(nil)
2017-11-21 00:02:46.222 +0000  [DEBG]: {     :    1}: proposal #1: 1 transform
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:    1}: add payload of len 48, next type 10(nonce)
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:    1}: add payload of len 16, next type 5(id)
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:    1}: add payload of len 8, next type 5(id)
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:    1}: add payload of len 12, next type 0(none)
2017-11-21 00:02:46.222 +0000  [DEBG]: {1000001:     }: HASH with:
2017-11-21 00:02:46.223 +0000  [DUMP]: 
ce87ce19 f1f5ff8a 93f0d284 188b4f4e dd15e61c 0a000034 00000001 00000001
00000028 01030401 a884ecd1 0000001c 010c0000 80010001 80020e10 80040001
80060100 80050002 05000014 0b4b7d18 4c77efb5 43fbb3ef 82c5efb5 0500000c
01000000 0a0a1e7c 00000010 04000000 00000000 00000000
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: HASH computed:
2017-11-21 00:02:46.223 +0000  [DUMP]: 
9ced2010 4eefd36c e2a48ee8 1cf5e012 75a7056b ec9538f1 3fb88e00 2aeb43e9
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:    1}: add payload of len 32, next type 1(sa)
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: begin encryption.
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: pad length = 8
2017-11-21 00:02:46.223 +0000  [DUMP]: 
01000024 9ced2010 4eefd36c e2a48ee8 1cf5e012 75a7056b ec9538f1 3fb88e00
2aeb43e9 0a000034 00000001 00000001 00000028 01030401 a884ecd1 0000001c
010c0000 80010001 80020e10 80040001 80060100 80050002 05000014 0b4b7d18
4c77efb5 43fbb3ef 82c5efb5 0500000c 01000000 0a0a1e7c 00000010 04000000
00000000 00000000 312d042a 34a62208
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: with key:
2017-11-21 00:02:46.223 +0000  [DUMP]: 
543cccd5 9075082b 1ce7154a b097db71 90265b2e 50b3b942 ccef9915 774d713c
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: encrypted payload by IV:
2017-11-21 00:02:46.223 +0000  [DUMP]: 
cb071bef 51f820c7 4fcc473b 538a4459
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: save IV for next:
2017-11-21 00:02:46.223 +0000  [DUMP]: 
a220b9c9 9c6e63ca 2b6b382c 97b16e83
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: encrypted.
2017-11-21 00:02:46.223 +0000  [DEBG]: {     :    1}: resend phase2 packet fca4e2f24fbe4aff:f665c10cb7f08135:CE87CE19
2017-11-21 00:02:46.223 +0000  [DEBG]: {1000001:     }: 172 bytes from 10.10.24.1[500] to 10.10.20.102[500]
2017-11-21 00:02:46.223 +0000  [DEBG]: 10.10.24.1[500] - 10.10.20.102[500]:(nil) 1 times of 172 bytes message will be sent over socket 1024
2017-11-21 00:02:46.224 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08102001 ce87ce19 000000ac a2273b6a
6c2f5e9e 9dc8df4d a0a0fc31 1805791e ba96a061 422cabcc 07f03fdf 16245843
56280160 ed6015b4 9ac2387b 5d98e93e 9006c31e a0ac1e5b d18bf3f8 0e7f3cee
a8ea80c0 79a7113c d1c739c1 c49f348c 468fbdc0 c68195e7 cc650c0d e117e8ec
9532eaa1 1422f9a9 283ebbb6 c189faba 1dbe3efa 9c9db794 4da6c7b6 a220b9c9
9c6e63ca 2b6b382c 97b16e83
2017-11-21 00:02:46.224 +0000  [DEBG]: {1000001:    1}: add packet 3b4c30e7:20 size   300, rcp 3
2017-11-21 00:02:46.224 +0000  [DEBG]: {     :    1}: pfkey GETSPI sent: ESP/Tunnel 0.0.0.0[500]->10.10.24.1[500] 
2017-11-21 00:02:46.227 +0000  [DEBG]: processing isakmp packet
2017-11-21 00:02:46.227 +0000  [DEBG]: ===
2017-11-21 00:02:46.227 +0000  [DEBG]: 76 bytes message received from 10.10.20.102[500]
2017-11-21 00:02:46.227 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08102001 ce87ce19 0000004c 7b4bbf7c
574ec50b 6aa647f2 b11910cd dcb155c7 4d01ad01 df87c8d0 a3ee5221 d59d34b8
deef8b2c b3532766 a0450a87
2017-11-21 00:02:46.228 +0000  [DEBG]: chk packet 8a9b4f9f:20 size    76, rcp 3, NF rc 0
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: begin decryption.
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: IV was saved for next processing:
2017-11-21 00:02:46.228 +0000  [DUMP]: 
d59d34b8 deef8b2c b3532766 a0450a87
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: encryption(aes)
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: with key:
2017-11-21 00:02:46.228 +0000  [DUMP]: 
543cccd5 9075082b 1ce7154a b097db71 90265b2e 50b3b942 ccef9915 774d713c
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: decrypted payload by IV:
2017-11-21 00:02:46.228 +0000  [DUMP]: 
a220b9c9 9c6e63ca 2b6b382c 97b16e83
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: decrypted payload, but not trimed.
2017-11-21 00:02:46.228 +0000  [DUMP]: 
00000024 1233462e 70e2d790 3893ed6c aae44872 1a2c5c9d 96b00d52 acdab609
b1d668be 00000000 00000000 0000000c
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: padding len=12
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: decrypted.
2017-11-21 00:02:46.228 +0000  [DUMP]: 
fca4e2f2 4fbe4aff f665c10c b7f08135 08102001 ce87ce19 0000004c 00000024
1233462e 70e2d790 3893ed6c aae44872 1a2c5c9d 96b00d52 acdab609 b1d668be
00000000 00000000 0000000c
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: begin.
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: seen nptype=8(hash)
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: succeed.
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:    1}: HASH(3) validate:
2017-11-21 00:02:46.228 +0000  [DUMP]: 
1233462e 70e2d790 3893ed6c aae44872 1a2c5c9d 96b00d52 acdab609 b1d668be
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: HASH with:
2017-11-21 00:02:46.228 +0000  [DUMP]: 
00ce87ce 19f1f5ff 8a93f0d2 84188b4f 4edd15e6 1c0b4b7d 184c77ef b543fbb3
ef82c5ef b5
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:     }: HASH computed:
2017-11-21 00:02:46.228 +0000  [DUMP]: 
1233462e 70e2d790 3893ed6c aae44872 1a2c5c9d 96b00d52 acdab609 b1d668be
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:    1}: add packet 8a9b4f9f:20 size    76, rcp 4
2017-11-21 00:02:46.228 +0000  [DEBG]: {     :    1}: ===
2017-11-21 00:02:46.228 +0000  [DEBG]: {1000001:    1}: KEYMAT compute with
2017-11-21 00:02:46.229 +0000  [DUMP]: 
03a884ec d1f1f5ff 8a93f0d2 84188b4f 4edd15e6 1c0b4b7d 184c77ef b543fbb3
ef82c5ef b5
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.229 +0000  [DEBG]: encryption(aes)
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:    1}: encklen=256 authklen=160
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:    1}: generating 768 bits of key (dupkeymat=3)
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:    1}: generating K1...K3 for KEYMAT.
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.229 +0000  [DUMP]: 
453db98a c7124fd1 91c627c2 ca66f436 c936a07b 3bb3a77b e082f1fa 08228332
7e10bc8d e99ef469 bfa96328 bb370e0b 97c203da e054ca84 c9148a60 d838f723
e7883c3c 79ffea97 43585e3c fcaac860 fac926cc f5bb7792 4073ce07 78a57d2b
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:    1}: KEYMAT compute with
2017-11-21 00:02:46.229 +0000  [DUMP]: 
03066f07 87f1f5ff 8a93f0d2 84188b4f 4edd15e6 1c0b4b7d 184c77ef b543fbb3
ef82c5ef b5
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.229 +0000  [DEBG]: encryption(aes)
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:    1}: encklen=256 authklen=160
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:    1}: generating 768 bits of key (dupkeymat=3)
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:    1}: generating K1...K3 for KEYMAT.
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.229 +0000  [DEBG]: {1000001:     }: hmac(hmac_sha2_256)
2017-11-21 00:02:46.229 +0000  [DUMP]: 
f7385777 d6854db1 939601f9 2f271288 5f64f0e2 b7fff356 f7eb62c4 79ab11b0
34ea816e ebbc13d8 209f4e1c 941c1e66 66d25ea8 2525017f 55eb4551 dd37ad40
df8c0902 8dcf8aa4 bce53a45 72e9de9a 35d71467 2afe0572 939c10be 22934ec6
2017-11-21 00:02:46.229 +0000  [DEBG]: {     :    1}: KEYMAT computed.
2017-11-21 00:02:46.229 +0000  [PNTF]: {     :    1}: ====> PHASE-2 NEGOTIATION SUCCEEDED AS RESPONDER, (QUICK MODE) <====
                                                      ====> Established SA: 10.10.24.1[500]-10.10.20.102[500] message id:0xCE87CE19, SPI:0xA884ECD1/0x066F0787 <====
2017-11-21 00:02:46.231 +0000  [DEBG]: {1000001:    1}: call pk_sendupdate
2017-11-21 00:02:46.231 +0000  [DEBG]: encryption(aes)
2017-11-21 00:02:46.231 +0000  [INFO]: {1000001:    1}: pfkey update: ESP/Tunnel 10.10.20.102[500]->10.10.24.1[500] spi=2827283665(0xa884ecd1); client ip 10.10.30.124
2017-11-21 00:02:46.231 +0000  [INFO]: {1000001:    1}: SADB_UPDATE proto=255 10.10.20.102[500]=>10.10.24.1[500] ESP tunl spi 0xA884ECD1 auth=SHA1 enc=AES256/32 lifetime soft 3600/0 hard 3600/0
2017-11-21 00:02:46.231 +0000  [DUMP]: sadb_update: seq=2, ul_proto=255 sa_src=10.10.20.102[500]/0, sa_dst=10.10.24.1[500]/0, satype=141 (ESP), spi=0xA884ECD1, wsize=4, authtype=40 (SHA1), enctype=17 (AES256), saflags=0x0, samode=137 (tunl), reqid=0, lifetime hard time 3600, bytes 0, lifetime soft time 3600, bytes 0, enckey len=32 [453db98ac7124fd191c627c2ca66f436c936a07b3bb3a77be082f1fa08228332], authkey len=20 [7e10bc8de99ef469bfa96328bb370e0b97c203da]
2017-11-21 00:02:46.231 +0000  [DEBG]: {1000001:    1}: pfkey update sent.
2017-11-21 00:02:46.231 +0000  [DEBG]: encryption(aes)
2017-11-21 00:02:46.231 +0000  [INFO]: {1000001:    1}: SADB_ADD proto=255 10.10.24.1[500]=>10.10.20.102[500] ESP tunl spi 0x066F0787 auth=SHA1 enc=AES256/32 lifetime soft 2962/0 hard 3600/0

 

 

 

good tech note .. 

https://live.paloaltonetworks.com/t5/Tech-Note-Articles/GlobalProtect-Configuration-for-the-IPsec-Cl...

 

 

hope it helps, 

 

Rob 

 

 

 

 

hope this helps, 

 

rob 

 

 

@DonohoeRobert

 

Fabulous information thanks

  • 2579 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!