VPN Tunnel down - Troubleshoot

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L4 Transporter

hi all,

thank you all for your help. We don't have a Cisco ASA. Its a Cisco 871 Router per default. But lets see, may we can find a idle timeout setting on this device.

So I will first change the lifetime settings and check wherever I can set the idle time out. Will report the result.

Highlighted
L2 Linker

Hello, maybe this helps you for your cisco device:

Configuring the IPSec SA Idle Timer Globally

To configure the IPSec SA idle timer globally, enter the crypto ipsec security-association idle-time command in global configuration mode as follows:  Router(config)# crypto ipsec security-association idle-time seconds 

In this command, seconds specifies the time, in seconds, that the idle timer will allow an inactive peer to maintain an SA. Valid values range from 60 to 86400.

Configuring the IPSec SA Idle Timer per Crypto Map

  To configure the IPSec SA idle timer for a specified crypto map, use the set security-association idle-time command within a crypto map configuration beginning in global configuration mode:

Command

Purpose

Step 1 

Router(config)# crypto map map-name seq-number ipsec-isakmp

Creates or modifies a crypto map entry and enters crypto map configuration mode.

map-name—Name that identifies the crypto map set.

seq-number—Sequence number you assign to the crypto map entry. Lower values have higher priority.

ipsec-isakmp—Indicates that IKE will be used to establish the IPSec security associations.

Step 2 

Router(config-crypto-map)# set security-association idle-time seconds

Configures the IPSec SA idle timer.

seconds—Time, in seconds, that the idle timer will allow an inactive peer to maintain an SA. Valid values range from 60 to 86400.

Highlighted
L4 Transporter

we did the changes and now we will monitor it. lets see.

Highlighted
L4 Transporter

hi I'm again,

sorry for the delayed response (was busy with other projects).

The config you gave me helped us a little more. thank you all.

The outages are not more so often than before. But still happen sometimes. Would you please so kind and help me to identify the problem?

Here a example of two tunnels:

5-27-2014 2-32-11 PM.png

2014-05-27 13:51:00.083 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:00.083 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:00.083 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:00 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:00 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:04.083 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:04.083 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:04.083 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:04 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:04 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:08.083 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:08.083 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:08.083 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:08 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:08 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:11 [DEBUG]: isakmp.c:982:isakmp_handler(): ===

2014-05-27 13:51:11 [DEBUG]: isakmp.c:983:isakmp_handler(): 140 bytes message received from 165.228.XXX.XXX[500]

2014-05-27 13:51:11 [DEBUG]: isakmp.c:986:isakmp_handler():

b6e8816f 09c21be4 50cce73b 3460ab8a 08100501 f9b31c8b 0000008c 9941a48b

f8f6e4fc 80a16d47 54b041f9 3623576b b9527c0b 1a5bbb8c 5829c7ba c8533b3b

0434b298 3accbb6a aa199fb9 91131da9 6498556b 2b000f59 3df2ab3c 87d2e4d1

98a75664 cd72eb33 c1afe678 c2c6a153 f80bbb3f 3ba63935 8b68b669 f386a647

b126020d f3819408 6f47de3d

2014-05-27 13:51:11 [DEBUG]: isakmp_inf.c:147:isakmp_info_recv(): receive Information.

2014-05-27 13:51:11 [DEBUG]: oakley.c:3811:oakley_newiv2(): compute IV for phase2

2014-05-27 13:51:11 [DEBUG]: oakley.c:3812:oakley_newiv2(): phase1 last IV:

2014-05-27 13:51:11 [DEBUG]: oakley.c:3813:oakley_newiv2():

7af22e17 a3c0ea53 db5a6e97 88e563f3 f9b31c8b

2014-05-27 13:51:11 [DEBUG]: algorithm.c:386:alg_oakley_hashdef(): hash(sha512)

2014-05-27 13:51:11 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:11 [DEBUG]: oakley.c:3846:oakley_newiv2(): phase2 IV computed:

2014-05-27 13:51:11 [DEBUG]: oakley.c:3847:oakley_newiv2():

e2d2c6dc edb2254f f4a5d69c c7bb329d

2014-05-27 13:51:11 [DEBUG]: oakley.c:3892:oakley_do_decrypt(): begin decryption.

2014-05-27 13:51:11 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:11 [DEBUG]: oakley.c:3906:oakley_do_decrypt(): IV was saved for next processing:

2014-05-27 13:51:11 [DEBUG]: oakley.c:3908:oakley_do_decrypt():

f386a647 b126020d f3819408 6f47de3d

2014-05-27 13:51:11 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:11 [DEBUG]: oakley.c:3931:oakley_do_decrypt(): with key:

2014-05-27 13:51:11 [DEBUG]: oakley.c:3932:oakley_do_decrypt():

d3afb025 07033c6c efa1e863 b4640243 e0b57508 bc394080 b1d13a42 7c271880

2014-05-27 13:51:11 [DEBUG]: oakley.c:3937:oakley_do_decrypt(): decrypted payload by IV:

2014-05-27 13:51:11 [DEBUG]: oakley.c:3938:oakley_do_decrypt():

e2d2c6dc edb2254f f4a5d69c c7bb329d

2014-05-27 13:51:11 [DEBUG]: oakley.c:3940:oakley_do_decrypt(): decrypted payload, but not trimed.

2014-05-27 13:51:11 [DEBUG]: oakley.c:3942:oakley_do_decrypt():

0b000044 dea2d538 75fefdf4 793a440e ed624add 58bcc605 8687be48 5b62388d

395038fd 9272e584 2845d20a e35d406b f08b29d4 76f2ee39 942f35ae 3431bfc3

bfc16856 00000020 00000001 01108d28 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11c8 00000000 00000000 00000000

2014-05-27 13:51:11 [DEBUG]: oakley.c:3951:oakley_do_decrypt(): padding len=0

2014-05-27 13:51:11 [DEBUG]: oakley.c:3982:oakley_do_decrypt(): decrypted.

2014-05-27 13:51:11 [DEBUG]: oakley.c:3983:oakley_do_decrypt():

b6e8816f 09c21be4 50cce73b 3460ab8a 08100501 f9b31c8b 0000008c 0b000044

dea2d538 75fefdf4 793a440e ed624add 58bcc605 8687be48 5b62388d 395038fd

9272e584 2845d20a e35d406b f08b29d4 76f2ee39 942f35ae 3431bfc3 bfc16856

00000020 00000001 01108d28 b6e8816f 09c21be4 50cce73b 3460ab8a 712c11c8

00000000 00000000 00000000

2014-05-27 13:51:11 [DEBUG]: oakley.c:3871:oakley_delivm(): IV freed

2014-05-27 13:51:11 [DEBUG]: oakley.c:698:oakley_compute_hash1(): HASH with:

2014-05-27 13:51:11 [DEBUG]: oakley.c:699:oakley_compute_hash1():

f9b31c8b 00000020 00000001 01108d28 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11c8

2014-05-27 13:51:11 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:11 [DEBUG]: oakley.c:708:oakley_compute_hash1(): HASH computed:

2014-05-27 13:51:11 [DEBUG]: oakley.c:709:oakley_compute_hash1():

dea2d538 75fefdf4 793a440e ed624add 58bcc605 8687be48 5b62388d 395038fd

9272e584 2845d20a e35d406b f08b29d4 76f2ee39 942f35ae 3431bfc3 bfc16856

2014-05-27 13:51:11 [DEBUG]: isakmp_inf.c:262:isakmp_info_recv(): hash validated.

2014-05-27 13:51:11 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:11 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=8(hash)

2014-05-27 13:51:11 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=11(notify)

2014-05-27 13:51:11 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:11 [DEBUG]: isakmp_inf.c:1546:isakmp_info_recv_r_u(): DPD R-U-There received

2014-05-27 13:51:11 [DEBUG]: oakley.c:3811:oakley_newiv2(): compute IV for phase2

2014-05-27 13:51:11 [DEBUG]: oakley.c:3812:oakley_newiv2(): phase1 last IV:

2014-05-27 13:51:11 [DEBUG]: oakley.c:3813:oakley_newiv2():

7af22e17 a3c0ea53 db5a6e97 88e563f3 47c30db6

2014-05-27 13:51:11 [DEBUG]: algorithm.c:386:alg_oakley_hashdef(): hash(sha512)

2014-05-27 13:51:11 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:11 [DEBUG]: oakley.c:3846:oakley_newiv2(): phase2 IV computed:

2014-05-27 13:51:11 [DEBUG]: oakley.c:3847:oakley_newiv2():

08ebdd81 a246ddc3 c1ea14c5 d1910c18

2014-05-27 13:51:11 [DEBUG]: oakley.c:698:oakley_compute_hash1(): HASH with:

2014-05-27 13:51:11 [DEBUG]: oakley.c:699:oakley_compute_hash1():

47c30db6 00000020 00000001 01108d29 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11c8

2014-05-27 13:51:11 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:11 [DEBUG]: oakley.c:708:oakley_compute_hash1(): HASH computed:

2014-05-27 13:51:11 [DEBUG]: oakley.c:709:oakley_compute_hash1():

3a3f77df 2231fb89 12ac4d39 3664edc8 d7f630cb f98f4465 2c32a72e a2a81a2f

00a9d4b2 0fefd248 f6c1d52b 67884f5a 83f3b79e df2bdab0 b6ce386f 4584b950

2014-05-27 13:51:11 [DEBUG]: oakley.c:4017:oakley_do_encrypt(): begin encryption.

2014-05-27 13:51:11 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:11 [DEBUG]: oakley.c:4033:oakley_do_encrypt(): pad length = 12

2014-05-27 13:51:11 [DEBUG]: oakley.c:4063:oakley_do_encrypt():

0b000044 3a3f77df 2231fb89 12ac4d39 3664edc8 d7f630cb f98f4465 2c32a72e

a2a81a2f 00a9d4b2 0fefd248 f6c1d52b 67884f5a 83f3b79e df2bdab0 b6ce386f

4584b950 00000020 00000001 01108d29 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11c8 588810ea ef8db091 24ee320c

2014-05-27 13:51:11 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:11 [DEBUG]: oakley.c:4073:oakley_do_encrypt(): with key:

2014-05-27 13:51:11 [DEBUG]: oakley.c:4074:oakley_do_encrypt():

d3afb025 07033c6c efa1e863 b4640243 e0b57508 bc394080 b1d13a42 7c271880

2014-05-27 13:51:11 [DEBUG]: oakley.c:4079:oakley_do_encrypt(): encrypted payload by IV:

2014-05-27 13:51:11 [DEBUG]: oakley.c:4080:oakley_do_encrypt():

08ebdd81 a246ddc3 c1ea14c5 d1910c18

2014-05-27 13:51:11 [DEBUG]: oakley.c:4086:oakley_do_encrypt(): save IV for next:

2014-05-27 13:51:11 [DEBUG]: oakley.c:4087:oakley_do_encrypt():

70ac70bb 857a6869 6d4950a5 99dcc517

2014-05-27 13:51:11 [DEBUG]: oakley.c:4103:oakley_do_encrypt(): encrypted.

2014-05-27 13:51:11 [DEBUG]: ikev1.c:2990:isakmp_send(): 140 bytes from 122.152.XXX.XX[500] to 165.228.XXX.XXX[500]

2014-05-27 13:51:11 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[500]

2014-05-27 13:51:11 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[500]

2014-05-27 13:51:11 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 165.228.XXX.XXX[500]

2014-05-27 13:51:11 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 140 bytes message will be sent to 165.228.XXX.XXX[500]

2014-05-27 13:51:11 [DEBUG]: sockmisc.c:529:sendfromto():

b6e8816f 09c21be4 50cce73b 3460ab8a 08100501 47c30db6 0000008c eb651d0f

9430ce83 708741d1 e4a89130 507390e9 7347b879 4744c7ef 2ea5a2f5 fcb218eb

4aea4e33 b8b3f0d1 8f5f74f2 4665efc4 30bc0cb3 284e949f 026157fb 994161cf

55404d7a bbe1c004 92d5f3c9 d9f5c834 77f4ceef 69205228 348f0d8f 70ac70bb

857a6869 6d4950a5 99dcc517

2014-05-27 13:51:11 [DEBUG]: isakmp_inf.c:805:isakmp_info_send_common(): sendto Information notify.

2014-05-27 13:51:11 [DEBUG]: oakley.c:3871:oakley_delivm(): IV freed

2014-05-27 13:51:11 [DEBUG]: isakmp_inf.c:1575:isakmp_info_recv_r_u(): received a valid R-U-THERE, ACK sent

2014-05-27 13:51:11 [PROTO_NOTIFY]: isakmp_inf.c:1159:isakmp_info_recv_n(): notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=b6e8816f09c21be4 50cce73b3460ab8a (size=16).

2014-05-27 13:51:15.083 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:15.083 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:15.083 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:15 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:15 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:19.083 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:19.083 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:19.083 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:19 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:19 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:19 [DEBUG]: ikev1_natt.c:348:natt_keepalive_send(): KA: 122.152.XXX.XX[4500]->60.231.XX.XXX[64951]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[4500]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[4500]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 60.231.XX.XXX[64951]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 1 bytes message will be sent to 60.231.XX.XXX[64951]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:529:sendfromto():

ff

2014-05-27 13:51:19 [DEBUG]: ikev1_natt.c:348:natt_keepalive_send(): KA: 122.152.XXX.XX[4500]->195.243.XXX.XXX[61006]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[4500]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[4500]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 195.243.XXX.XXX[61006]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 1 bytes message will be sent to 195.243.XXX.XXX[61006]

2014-05-27 13:51:19 [DEBUG]: sockmisc.c:529:sendfromto():

ff

2014-05-27 13:51:25.084 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:25.084 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:25.084 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:25 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:25 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:29.083 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:29.083 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:29.083 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:29 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:29 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:35.084 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:35.084 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:35.084 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:35 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:35 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:39.085 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:39.086 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:39.086 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:39 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-BPN2B(Gateway-BPN2B)_out

2014-05-27 13:51:39 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-BPN2B passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:39 [DEBUG]: ikev1_natt.c:348:natt_keepalive_send(): KA: 122.152.XXX.XX[4500]->60.231.XX.XXX[64951]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[4500]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[4500]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 60.231.XX.XXX[64951]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 1 bytes message will be sent to 60.231.XX.XXX[64951]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:529:sendfromto():

ff

2014-05-27 13:51:39 [DEBUG]: ikev1_natt.c:348:natt_keepalive_send(): KA: 122.152.XXX.XX[4500]->195.243.XXX.XXX[61006]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[4500]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[4500]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 195.243.XXX.XXX[61006]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 1 bytes message will be sent to 195.243.XXX.XXX[61006]

2014-05-27 13:51:39 [DEBUG]: sockmisc.c:529:sendfromto():

ff

2014-05-27 13:51:39.090 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:39.093 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:39.094 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:39.094 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:39 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-BDB3B(Gateway-BDB4A)_out

2014-05-27 13:51:39 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-BDB4A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:39.094 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:39.094 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:39 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:39 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:41 [DEBUG]: isakmp.c:982:isakmp_handler(): ===

2014-05-27 13:51:41 [DEBUG]: isakmp.c:983:isakmp_handler(): 140 bytes message received from 165.228.XXX.XXX[500]

2014-05-27 13:51:41 [DEBUG]: isakmp.c:986:isakmp_handler():

b6e8816f 09c21be4 50cce73b 3460ab8a 08100501 5bad2888 0000008c cb35c8ab

44be8172 1fb33f92 be086c99 0a34ec8e 9ce53d3a 9d0e7c40 916f7c04 d400918e

18c895a2 d8e4fcf6 14a42749 0fee6f5c 25cc534b 8de6798b b2fb87c2 170073d9

ad7bacb0 0f3a8064 ed92c4a7 b559712a b263e460 8248f868 b5a6b441 b08e2789

7e6d93d5 a8725455 4ebf339f

2014-05-27 13:51:41 [DEBUG]: isakmp_inf.c:147:isakmp_info_recv(): receive Information.

2014-05-27 13:51:41 [DEBUG]: oakley.c:3811:oakley_newiv2(): compute IV for phase2

2014-05-27 13:51:41 [DEBUG]: oakley.c:3812:oakley_newiv2(): phase1 last IV:

2014-05-27 13:51:41 [DEBUG]: oakley.c:3813:oakley_newiv2():

7af22e17 a3c0ea53 db5a6e97 88e563f3 5bad2888

2014-05-27 13:51:41 [DEBUG]: algorithm.c:386:alg_oakley_hashdef(): hash(sha512)

2014-05-27 13:51:41 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:41 [DEBUG]: oakley.c:3846:oakley_newiv2(): phase2 IV computed:

2014-05-27 13:51:41 [DEBUG]: oakley.c:3847:oakley_newiv2():

5f0ea8ed 6b42564e 5f86f338 e9a27179

2014-05-27 13:51:41 [DEBUG]: oakley.c:3892:oakley_do_decrypt(): begin decryption.

2014-05-27 13:51:41 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:41 [DEBUG]: oakley.c:3906:oakley_do_decrypt(): IV was saved for next processing:

2014-05-27 13:51:41 [DEBUG]: oakley.c:3908:oakley_do_decrypt():

b08e2789 7e6d93d5 a8725455 4ebf339f

2014-05-27 13:51:41 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:41 [DEBUG]: oakley.c:3931:oakley_do_decrypt(): with key:

2014-05-27 13:51:41 [DEBUG]: oakley.c:3932:oakley_do_decrypt():

d3afb025 07033c6c efa1e863 b4640243 e0b57508 bc394080 b1d13a42 7c271880

2014-05-27 13:51:41 [DEBUG]: oakley.c:3937:oakley_do_decrypt(): decrypted payload by IV:

2014-05-27 13:51:41 [DEBUG]: oakley.c:3938:oakley_do_decrypt():

5f0ea8ed 6b42564e 5f86f338 e9a27179

2014-05-27 13:51:41 [DEBUG]: oakley.c:3940:oakley_do_decrypt(): decrypted payload, but not trimed.

2014-05-27 13:51:41 [DEBUG]: oakley.c:3942:oakley_do_decrypt():

0b000044 257f7a23 8de37f13 54a2b585 90a920a9 0c1ad032 8c7d0599 40191d8a

1def89d7 080d3094 5bd85e4f 4f9263a3 119c86b6 8dc367b9 6798b04c 40e8873f

629deee0 00000020 00000001 01108d28 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11cb 00000000 00000000 00000000

2014-05-27 13:51:41 [DEBUG]: oakley.c:3951:oakley_do_decrypt(): padding len=0

2014-05-27 13:51:41 [DEBUG]: oakley.c:3982:oakley_do_decrypt(): decrypted.

2014-05-27 13:51:41 [DEBUG]: oakley.c:3983:oakley_do_decrypt():

b6e8816f 09c21be4 50cce73b 3460ab8a 08100501 5bad2888 0000008c 0b000044

257f7a23 8de37f13 54a2b585 90a920a9 0c1ad032 8c7d0599 40191d8a 1def89d7

080d3094 5bd85e4f 4f9263a3 119c86b6 8dc367b9 6798b04c 40e8873f 629deee0

00000020 00000001 01108d28 b6e8816f 09c21be4 50cce73b 3460ab8a 712c11cb

00000000 00000000 00000000

2014-05-27 13:51:41 [DEBUG]: oakley.c:3871:oakley_delivm(): IV freed

2014-05-27 13:51:41 [DEBUG]: oakley.c:698:oakley_compute_hash1(): HASH with:

2014-05-27 13:51:41 [DEBUG]: oakley.c:699:oakley_compute_hash1():

5bad2888 00000020 00000001 01108d28 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11cb

2014-05-27 13:51:41 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:41 [DEBUG]: oakley.c:708:oakley_compute_hash1(): HASH computed:

2014-05-27 13:51:41 [DEBUG]: oakley.c:709:oakley_compute_hash1():

257f7a23 8de37f13 54a2b585 90a920a9 0c1ad032 8c7d0599 40191d8a 1def89d7

080d3094 5bd85e4f 4f9263a3 119c86b6 8dc367b9 6798b04c 40e8873f 629deee0

2014-05-27 13:51:41 [DEBUG]: isakmp_inf.c:262:isakmp_info_recv(): hash validated.

2014-05-27 13:51:41 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:41 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=8(hash)

2014-05-27 13:51:41 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=11(notify)

2014-05-27 13:51:41 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:41 [DEBUG]: isakmp_inf.c:1546:isakmp_info_recv_r_u(): DPD R-U-There received

2014-05-27 13:51:41 [DEBUG]: oakley.c:3811:oakley_newiv2(): compute IV for phase2

2014-05-27 13:51:41 [DEBUG]: oakley.c:3812:oakley_newiv2(): phase1 last IV:

2014-05-27 13:51:41 [DEBUG]: oakley.c:3813:oakley_newiv2():

7af22e17 a3c0ea53 db5a6e97 88e563f3 fb68d376

2014-05-27 13:51:41 [DEBUG]: algorithm.c:386:alg_oakley_hashdef(): hash(sha512)

2014-05-27 13:51:41 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:41 [DEBUG]: oakley.c:3846:oakley_newiv2(): phase2 IV computed:

2014-05-27 13:51:41 [DEBUG]: oakley.c:3847:oakley_newiv2():

67f7c4a9 f86bf49e 957f44d1 a54c8127

2014-05-27 13:51:41 [DEBUG]: oakley.c:698:oakley_compute_hash1(): HASH with:

2014-05-27 13:51:41 [DEBUG]: oakley.c:699:oakley_compute_hash1():

fb68d376 00000020 00000001 01108d29 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11cb

2014-05-27 13:51:41 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:41 [DEBUG]: oakley.c:708:oakley_compute_hash1(): HASH computed:

2014-05-27 13:51:41 [DEBUG]: oakley.c:709:oakley_compute_hash1():

9cddf373 2998146a a716af6f 53281d3e be6bc11c 326f9578 aec8fa0a 1a1d5590

f4393332 7c18314f 8230a9db 4f36817f bd32b38c 874e66d3 e1625fed 26c77edc

2014-05-27 13:51:41 [DEBUG]: oakley.c:4017:oakley_do_encrypt(): begin encryption.

2014-05-27 13:51:41 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:41 [DEBUG]: oakley.c:4033:oakley_do_encrypt(): pad length = 12

2014-05-27 13:51:41 [DEBUG]: oakley.c:4063:oakley_do_encrypt():

0b000044 9cddf373 2998146a a716af6f 53281d3e be6bc11c 326f9578 aec8fa0a

1a1d5590 f4393332 7c18314f 8230a9db 4f36817f bd32b38c 874e66d3 e1625fed

26c77edc 00000020 00000001 01108d29 b6e8816f 09c21be4 50cce73b 3460ab8a

712c11cb f1a8f6ba b2fe9c40 e915dc0c

2014-05-27 13:51:41 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:41 [DEBUG]: oakley.c:4073:oakley_do_encrypt(): with key:

2014-05-27 13:51:41 [DEBUG]: oakley.c:4074:oakley_do_encrypt():

d3afb025 07033c6c efa1e863 b4640243 e0b57508 bc394080 b1d13a42 7c271880

2014-05-27 13:51:41 [DEBUG]: oakley.c:4079:oakley_do_encrypt(): encrypted payload by IV:

2014-05-27 13:51:41 [DEBUG]: oakley.c:4080:oakley_do_encrypt():

67f7c4a9 f86bf49e 957f44d1 a54c8127

2014-05-27 13:51:41 [DEBUG]: oakley.c:4086:oakley_do_encrypt(): save IV for next:

2014-05-27 13:51:41 [DEBUG]: oakley.c:4087:oakley_do_encrypt():

8173eedd 64fe576a 151274e8 dd508421

2014-05-27 13:51:41 [DEBUG]: oakley.c:4103:oakley_do_encrypt(): encrypted.

2014-05-27 13:51:41 [DEBUG]: ikev1.c:2990:isakmp_send(): 140 bytes from 122.152.XXX.XX[500] to 165.228.XXX.XXX[500]

2014-05-27 13:51:41 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[500]

2014-05-27 13:51:41 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[500]

2014-05-27 13:51:41 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 165.228.XXX.XXX[500]

2014-05-27 13:51:41 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 140 bytes message will be sent to 165.228.XXX.XXX[500]

2014-05-27 13:51:41 [DEBUG]: sockmisc.c:529:sendfromto():

b6e8816f 09c21be4 50cce73b 3460ab8a 08100501 fb68d376 0000008c 25a3c8b3

1ace4c9d e4c88a94 85528a8e 431fcbaf fcb2a1cb b375a8be 45aca317 22b0d05e

9428417e db1634f6 43e98f91 5c43cba2 4ff409dc 89a51afb 257132ed 56e16981

d56ecb05 ea4760eb 548c115e e3011ac4 871e9822 183e2051 792926dd 8173eedd

64fe576a 151274e8 dd508421

2014-05-27 13:51:41 [DEBUG]: isakmp_inf.c:805:isakmp_info_send_common(): sendto Information notify.

2014-05-27 13:51:41 [DEBUG]: oakley.c:3871:oakley_delivm(): IV freed

2014-05-27 13:51:41 [DEBUG]: isakmp_inf.c:1575:isakmp_info_recv_r_u(): received a valid R-U-THERE, ACK sent

2014-05-27 13:51:41 [PROTO_NOTIFY]: isakmp_inf.c:1159:isakmp_info_recv_n(): notification message 36136:R-U-THERE, doi=1 proto_id=1 spi=b6e8816f09c21be4 50cce73b3460ab8a (size=16).

2014-05-27 13:51:43.085 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:43.086 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:43.086 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:43 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:43 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

2014-05-27 13:51:43 [DEBUG]: isakmp.c:982:isakmp_handler(): ===

2014-05-27 13:51:43 [DEBUG]: isakmp.c:983:isakmp_handler(): 492 bytes message received from 175.184.XXX.XXX[500]

2014-05-27 13:51:43 [DEBUG]: isakmp.c:986:isakmp_handler():

145d0809 f142b7d7 e9f6b280 36b395b8 08102001 b940d104 000001ec 6dbb2b8e

3114d6e6 bcf850be 8f218a99 6546c2a4 df0a250e de15b3ee c2231c02 b9759956

0323f9a4 0eea8a6f 0a1ce9ff 890c6c5a 40ba1fe6 9a519581 6ade5c14 147b3356

8c32520e e6b6ba27 8331b8c2 e8f51a48 1fef18d9 ca138ca2 905bf85e 7c4305db

5ce3b8f0 c310e1b5 5b5cd9a7 051b5277 7a4f41f0 96c1969b c2f8db38 3ab4a503

f2643623 b33f057a bf5d5ce9 6147d765 c63c1396 1c48a20a 48fb46fb 51cc3042

8ea0506e b244f1e1 492a65cd 00e8c230 44150663 79a920c3 82d78d66 29a48ec6

e3e8f951 8da619ae 970699f7 08d1e530 b482c5c8 1d5dd221 9976ddee a95ab21d

2b72e9e6 95a9fab3 ddf1695c 2fc70398 10ab3c6a c8158115 e53a30dd fa1405b4

a295f116 41608986 8dce3b8f c363f0a2 d80fb004 bae42480 4a80e0ea 0c2441bd

19ee1d70 d47da9de f0b05e2f a32ed4a2 32b21eda 268b5aaf 615719fe 28736c43

7e0eab30 509c89c4 efea490b 2cfd37e1 d9d9853d 5b7d318c 446f0e2b 0d5ecd88

5c9fec39 ef13e9b6 64a46e30 6f446488 2b067829 9fa44b83 f3d6d172 e239fd4b

5c61d417 4d5322c2 4f1f221c2014-05-27 13:51:43 [DEBUG]: oakley.c:3811:oakley_newiv2(): compute IV for phase2

2014-05-27 13:51:43 [DEBUG]: oakley.c:3812:oakley_newiv2(): phase1 last IV:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3813:oakley_newiv2():

dfc5ede0 0f13942d fec6b0e9 c729bc43 b940d104

2014-05-27 13:51:43 [DEBUG]: algorithm.c:386:alg_oakley_hashdef(): hash(sha512)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: oakley.c:3846:oakley_newiv2(): phase2 IV computed:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3847:oakley_newiv2():

9786ce5e 136ef42a 9f849af0 a3cdeb52

2014-05-27 13:51:43 [PROTO_NOTIFY]: ikev1.c:2518:log_ph2started(): ====> PHASE-2 NEGOTIATION STARTED AS RESPONDER, (QUICK MODE) <====

====> Initiated SA: 122.152.XXX.XX[500]-175.184.XXX.XXX[500] message id:0xB940D104 <====

2014-05-27 13:51:43 [DEBUG]: oakley.c:3892:oakley_do_decrypt(): begin decryption.

2014-05-27 13:51:43 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: oakley.c:3906:oakley_do_decrypt(): IV was saved for next processing:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3908:oakley_do_decrypt():

4abe1bbd accdd8e6 14f44f61 2cb174da

2014-05-27 13:51:43 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: oakley.c:3931:oakley_do_decrypt(): with key:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3932:oakley_do_decrypt():

97ce00c8 5f714f8a a13a1bb9 9898eaf0 e204f110 4144f29b 52e58c88 c8b2597f

2014-05-27 13:51:43 [DEBUG]: oakley.c:3937:oakley_do_decrypt(): decrypted payload by IV:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3938:oakley_do_decrypt():

9786ce5e 136ef42a 9f849af0 a3cdeb52

2014-05-27 13:51:43 [DEBUG]: oakley.c:3940:oakley_do_decrypt(): decrypted payload, but not trimed.

2014-05-27 13:51:43 [DEBUG]: oakley.c:3942:oakley_do_decrypt():

01000044 b7be03bd efa58771 daf4a893 df248544 5fb2a34c 8fa8f5bc 6b0ccf81

7d5cd0a1 1b15d554 7dc7de00 cf5e8f72 fda4a7e1 14120312 5db942fd 5710f835

0a2187fb 0a000044 00000001 00000001 00000038 01030401 fdc7c4b0 0000002c

010c0000 80040001 80010001 80020e10 80010002 00020004 00465000 80050007

80060100 8003000e 04000018 3eafd04d 837cec24 3ab9bf06 82cb0b6f b8182ce4

05000104 779b84ef 9c106976 e2dd3520 20929dd4 a6073037 417c513d d50cda25

79e5aba9 62a66718 86f9cf25 27d7d98e 056146f7 92e87823 644c689c 043ff109

4580a0ee 59cbec23 06ed1d0e fdbbce1f 896cd588 622bee94 368c89b9 7e0ba279

74516b8b fda493f5 0cfbbea4 7f1744f8 53eb73c2 1120608b 4af5300f eb712805

e8d0f62e 4edb9500 73e83027 c50a5113 d7051d09 e3f02682 526945ac 0bbf90aa

bad622a3 0feaf4f8 b4baa853 ca77557c 0c3685da f6edf307 ec0003f0 6d674d0e

9984a353 52b6555d 25c8e95d 1d71c51f af779aaf d9c8e4d7 31d07de6 fb499345

6c9c6f6e 46fb0d3e 30f5eedb 3686b022 a75d11ea e73d1424 c5ab9e1f 1eb9e815

9e040b4e 05000010 04002014-05-27 13:51:43 [DEBUG]: oakley.c:3951:oakley_do_decrypt(): padding len=0

2014-05-27 13:51:43 [DEBUG]: oakley.c:3982:oakley_do_decrypt(): decrypted.

2014-05-27 13:51:43 [DEBUG]: oakley.c:3983:oakley_do_decrypt():

145d0809 f142b7d7 e9f6b280 36b395b8 08102001 b940d104 000001ec 01000044

b7be03bd efa58771 daf4a893 df248544 5fb2a34c 8fa8f5bc 6b0ccf81 7d5cd0a1

1b15d554 7dc7de00 cf5e8f72 fda4a7e1 14120312 5db942fd 5710f835 0a2187fb

0a000044 00000001 00000001 00000038 01030401 fdc7c4b0 0000002c 010c0000

80040001 80010001 80020e10 80010002 00020004 00465000 80050007 80060100

8003000e 04000018 3eafd04d 837cec24 3ab9bf06 82cb0b6f b8182ce4 05000104

779b84ef 9c106976 e2dd3520 20929dd4 a6073037 417c513d d50cda25 79e5aba9

62a66718 86f9cf25 27d7d98e 056146f7 92e87823 644c689c 043ff109 4580a0ee

59cbec23 06ed1d0e fdbbce1f 896cd588 622bee94 368c89b9 7e0ba279 74516b8b

fda493f5 0cfbbea4 7f1744f8 53eb73c2 1120608b 4af5300f eb712805 e8d0f62e

4edb9500 73e83027 c50a5113 d7051d09 e3f02682 526945ac 0bbf90aa bad622a3

0feaf4f8 b4baa853 ca77557c 0c3685da f6edf307 ec0003f0 6d674d0e 9984a353

52b6555d 25c8e95d 1d71c51f af779aaf d9c8e4d7 31d07de6 fb499345 6c9c6f6e

46fb0d3e 30f5eedb 36862014-05-27 13:51:43 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=8(hash)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=1(sa)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=10(nonce)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=4(ke)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=5(id)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=5(id)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1163:quick_r1recv(): received IDci2:2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1164:quick_r1recv():

04000000 00000000 00000000

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1167:quick_r1recv(): received IDcr2:2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1168:quick_r1recv():

04000000 00000000 00000000

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1182:quick_r1recv(): HASH(1) validate:2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1183:quick_r1recv():

b7be03bd efa58771 daf4a893 df248544 5fb2a34c 8fa8f5bc 6b0ccf81 7d5cd0a1

1b15d554 7dc7de00 cf5e8f72 fda4a7e1 14120312 5db942fd 5710f835 0a2187fb

2014-05-27 13:51:43 [DEBUG]: oakley.c:698:oakley_compute_hash1(): HASH with:

2014-05-27 13:51:43 [DEBUG]: oakley.c:699:oakley_compute_hash1():

b940d104 0a000044 00000001 00000001 00000038 01030401 fdc7c4b0 0000002c

010c0000 80040001 80010001 80020e10 80010002 00020004 00465000 80050007

80060100 8003000e 04000018 3eafd04d 837cec24 3ab9bf06 82cb0b6f b8182ce4

05000104 779b84ef 9c106976 e2dd3520 20929dd4 a6073037 417c513d d50cda25

79e5aba9 62a66718 86f9cf25 27d7d98e 056146f7 92e87823 644c689c 043ff109

4580a0ee 59cbec23 06ed1d0e fdbbce1f 896cd588 622bee94 368c89b9 7e0ba279

74516b8b fda493f5 0cfbbea4 7f1744f8 53eb73c2 1120608b 4af5300f eb712805

e8d0f62e 4edb9500 73e83027 c50a5113 d7051d09 e3f02682 526945ac 0bbf90aa

bad622a3 0feaf4f8 b4baa853 ca77557c 0c3685da f6edf307 ec0003f0 6d674d0e

9984a353 52b6555d 25c8e95d 1d71c51f af779aaf d9c8e4d7 31d07de6 fb499345

6c9c6f6e 46fb0d3e 30f5eedb 3686b022 a75d11ea e73d1424 c5ab9e1f 1eb9e815

9e040b4e 05000010 04000000 00000000 00000000 00000010 04000000 00000000

00000000

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: oakley.c:708:oakley_compute_hash1(): HASH computed:

2014-05-27 13:51:43 [DEBUG]: oakley.c:709:oakley_compute_hash1():

b7be03bd efa58771 daf4a893 df248544 5fb2a34c 8fa8f5bc 6b0ccf81 7d5cd0a1

1b15d554 7dc7de00 cf5e8f72 fda4a7e1 14120312 5db942fd 5710f835 0a2187fb

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1299:get_proppair(): total SA len=64

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1300:get_proppair():

00000001 00000001 00000038 01030401 fdc7c4b0 0000002c 010c0000 80040001

80010001 80020e10 80010002 00020004 00465000 80050007 80060100 8003000e

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=2(prop)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1352:get_proppair(): proposal #1 len=56

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=3(trns)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1498:get_transform(): transform #1 len=44

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Encryption Mode, flag=0x8000, lorv=Tunnel

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=3600

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2412:check_attr_ipsec(): life duration was in TLV.

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=kilobytes

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Duration, flag=0x0000, lorv=4

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha512

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Key Length, flag=0x8000, lorv=256

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=14

2014-05-27 13:51:43 [DEBUG]: algorithm.c:770:alg_oakley_dhdef(): dh(modp2048)

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1395:get_proppair(): pair 1:

2014-05-27 13:51:43 [DEBUG]: proposal.c:1124:print_proppair0():  0x105a7bb8: next=(nil) tnext=(nil)

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1430:get_proppair(): proposal #1: 1 transform

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1128:get_ph2approval(): begin compare proposals.

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1134:get_ph2approval(): pair[1]: 0x105a7bb8

2014-05-27 13:51:43 [DEBUG]: proposal.c:1124:print_proppair0():  0x105a7bb8: next=(nil) tnext=(nil)

2014-05-27 13:51:43 [DEBUG]: proposal.c:913:aproppair2saprop(): prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=Encryption Mode, flag=0x8000, lorv=Tunnel

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=seconds

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x8000, lorv=3600

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4226:ipsecdoi_t2satrns(): lifetime 3600 seconds

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=kilobytes

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x0000, lorv=4

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4247:ipsecdoi_t2satrns(): lifesize 4608000 KB

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha512

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=Key Length, flag=0x8000, lorv=256

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:4165:ipsecdoi_t2satrns(): type=Group Description, flag=0x8000, lorv=14

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1172:get_ph2approvalx(): peer's single bundle:

2014-05-27 13:51:43 [DEBUG]: proposal.c:1057:printsaproto():  (proto_id=ESP spisize=4 spi=fdc7c4b0 spi_p=00000000 encmode=Tunnel reqid=0:0)

2014-05-27 13:51:43 [DEBUG]: proposal.c:1091:printsatrns():   (trns_id=AES encklen=256 authtype=hmac-sha512)

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1175:get_ph2approvalx(): my single bundle:

2014-05-27 13:51:43 [DEBUG]: proposal.c:1057:printsaproto():  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)

2014-05-27 13:51:43 [DEBUG]: proposal.c:1091:printsatrns():   (trns_id=AES encklen=256 authtype=hmac-sha512)

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1194:get_ph2approvalx(): matched

2014-05-27 13:51:43 [DEBUG]: ikev1.c:1632:isakmp_ph2begin_r(): ===

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1306:quick_r1prep(): pfkey getspi sent.

2014-05-27 13:51:43 [DEBUG]: pfkey.c:696:pk_sendgetspi(): call pfkey_send_getspi

2014-05-27 13:51:43 [DEBUG]: pfkey.c:767:ikev1_getspi_response(): pfkey GETSPI succeeded: ESP/Tunnel 175.184.XXX.XXX[500]->122.152.XXX.XX[500] spi=2679721626(0x9fb94e9a)

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1299:get_proppair(): total SA len=64

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1300:get_proppair():

00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040001

80010001 80020e10 80010002 00020004 00465000 80050007 80060100 8003000e

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=2(prop)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1352:get_proppair(): proposal #1 len=56

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=3(trns)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1498:get_transform(): transform #1 len=44

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Encryption Mode, flag=0x8000, lorv=Tunnel

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=3600

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2412:check_attr_ipsec(): life duration was in TLV.

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=kilobytes

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=SA Life Duration, flag=0x0000, lorv=4

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha512

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Key Length, flag=0x8000, lorv=256

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:2297:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=14

2014-05-27 13:51:43 [DEBUG]: algorithm.c:770:alg_oakley_dhdef(): dh(modp2048)

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1395:get_proppair(): pair 1:

2014-05-27 13:51:43 [DEBUG]: proposal.c:1124:print_proppair0():  0x10597098: next=(nil) tnext=(nil)

2014-05-27 13:51:43 [DEBUG]: ipsec_doi.c:1430:get_proppair(): proposal #1: 1 transform

2014-05-27 13:51:43 [DEBUG]: algorithm.c:770:alg_oakley_dhdef(): dh(modp2048)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2260:set_isakmp_payload(): add payload of len 64, next type 10(nonce)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2260:set_isakmp_payload(): add payload of len 16, next type 4(ke)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2260:set_isakmp_payload(): add payload of len 256, next type 5(id)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2260:set_isakmp_payload(): add payload of len 12, next type 5(id)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2260:set_isakmp_payload(): add payload of len 12, next type 0(none)

2014-05-27 13:51:43 [DEBUG]: oakley.c:698:oakley_compute_hash1(): HASH with:

2014-05-27 13:51:43 [DEBUG]: oakley.c:699:oakley_compute_hash1():

b940d104 3eafd04d 837cec24 3ab9bf06 82cb0b6f b8182ce4 0a000044 00000001

00000001 00000038 01030401 9fb94e9a 0000002c 010c0000 80040001 80010001

80020e10 80010002 00020004 00465000 80050007 80060100 8003000e 04000014

387286dd cf384c7b 47b0c3c5 d609c7f8 05000104 e1402d0a 2dcc98a4 41dbfc1c

5ba32e51 27bea61e 51092aba 647c1e28 ea6a3867 4f8345e0 cd54fc66 077f674b

16dfe5b5 1d7724b2 16f43634 08547b96 8a278f66 8b1c2659 c34ee9ee ea0db751

52e9f59a 6b7ada30 1f16ab75 58f8aa11 82c6eb47 9f79fe61 d57f512c 7d9cc82b

2baae0b5 d1a0e0a9 1cfa871c 9ffd112b 0f39a3f0 6fd6b6fe 2cfe3bdf 273d905d

3f411ea8 045db4cf 3553a34a 7c79eaf5 fb4365d2 1431d969 3dd86643 81a708d6

d44b98f4 f589c523 8ff75530 5c842fa8 b76f5812 5eb45da0 60a85f08 248c5e80

147846f9 58466c4c 9ea4ab2a cc690bd6 9b32e359 3e39afaf 01031ef7 d3428265

70e6372d 7700131b 53adc46b 25334f6e 6bf4c9f3 05000010 04000000 00000000

00000000 00000010 04000000 00000000 00000000

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: oakley.c:708:oakley_compute_hash1(): HASH computed:

2014-05-27 13:51:43 [DEBUG]: oakley.c:709:oakley_compute_hash1():

e0bad1ec 90da1773 f220fcb1 81c35c1e 275b4549 38797764 6d6e5085 ebf6c24d

a95e30bf c4d1004e 4c490267 fd878ae4 f34628af 0f1bf497 24892409 3e109a04

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2260:set_isakmp_payload(): add payload of len 64, next type 1(sa)

2014-05-27 13:51:43 [DEBUG]: oakley.c:4017:oakley_do_encrypt(): begin encryption.

2014-05-27 13:51:43 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: oakley.c:4033:oakley_do_encrypt(): pad length = 16

2014-05-27 13:51:43 [DEBUG]: oakley.c:4063:oakley_do_encrypt():

01000044 e0bad1ec 90da1773 f220fcb1 81c35c1e 275b4549 38797764 6d6e5085

ebf6c24d a95e30bf c4d1004e 4c490267 fd878ae4 f34628af 0f1bf497 24892409

3e109a04 0a000044 00000001 00000001 00000038 01030401 9fb94e9a 0000002c

010c0000 80040001 80010001 80020e10 80010002 00020004 00465000 80050007

80060100 8003000e 04000014 387286dd cf384c7b 47b0c3c5 d609c7f8 05000104

e1402d0a 2dcc98a4 41dbfc1c 5ba32e51 27bea61e 51092aba 647c1e28 ea6a3867

4f8345e0 cd54fc66 077f674b 16dfe5b5 1d7724b2 16f43634 08547b96 8a278f66

8b1c2659 c34ee9ee ea0db751 52e9f59a 6b7ada30 1f16ab75 58f8aa11 82c6eb47

9f79fe61 d57f512c 7d9cc82b 2baae0b5 d1a0e0a9 1cfa871c 9ffd112b 0f39a3f0

6fd6b6fe 2cfe3bdf 273d905d 3f411ea8 045db4cf 3553a34a 7c79eaf5 fb4365d2

1431d969 3dd86643 81a708d6 d44b98f4 f589c523 8ff75530 5c842fa8 b76f5812

5eb45da0 60a85f08 248c5e80 147846f9 58466c4c 9ea4ab2a cc690bd6 9b32e359

3e39afaf 01031ef7 d3428265 70e6372d 7700131b 53adc46b 25334f6e 6bf4c9f3

05000010 04000000 00002014-05-27 13:51:43 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: oakley.c:4073:oakley_do_encrypt(): with key:

2014-05-27 13:51:43 [DEBUG]: oakley.c:4074:oakley_do_encrypt():

97ce00c8 5f714f8a a13a1bb9 9898eaf0 e204f110 4144f29b 52e58c88 c8b2597f

2014-05-27 13:51:43 [DEBUG]: oakley.c:4079:oakley_do_encrypt(): encrypted payload by IV:

2014-05-27 13:51:43 [DEBUG]: oakley.c:4080:oakley_do_encrypt():

4abe1bbd accdd8e6 14f44f61 2cb174da

2014-05-27 13:51:43 [DEBUG]: oakley.c:4086:oakley_do_encrypt(): save IV for next:

2014-05-27 13:51:43 [DEBUG]: oakley.c:4087:oakley_do_encrypt():

964778c0 07b90c44 c71c1768 c01d78ef

2014-05-27 13:51:43 [DEBUG]: oakley.c:4103:oakley_do_encrypt(): encrypted.

2014-05-27 13:51:43 [DEBUG]: ikev1.c:1759:isakmp_ph2resend(): resend phase2 packet 145d0809f142b7d7:e9f6b28036b395b8:B940D104

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2990:isakmp_send(): 492 bytes from 122.152.XXX.XX[500] to 175.184.XXX.XXX[500]

2014-05-27 13:51:43 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[500]

2014-05-27 13:51:43 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[500]

2014-05-27 13:51:43 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 175.184.XXX.XXX[500]

2014-05-27 13:51:43 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 492 bytes message will be sent to 175.184.XXX.XXX[500]

2014-05-27 13:51:43 [DEBUG]: sockmisc.c:529:sendfromto():

145d0809 f142b7d7 e9f6b280 36b395b8 08102001 b940d104 000001ec abfae145

8f7fbfac be5de3d8 52f5f58b 5cf09b64 ea47975c 537f5290 e44a50b5 6e86b2d3

1ad08865 cbe8e4b1 1ff833e2 bed2eea6 8e3bf1ef 47c87af4 0b752c1b 328d1b6a

fa8a6630 62e120fe 6682a9a3 0cef3b96 7d4e641d 27ac3e85 3be8d218 52f667f3

8899b3b6 ae02274c d90b812b d0b43859 0cba9e98 4993c35c 5bb81710 42969426

96b786f6 ad20623b f1d4613a 1e398c79 a0fe74d3 3f48dda7 d0a9a70d 6aa2b04b

9eb70d3b ec158b49 7c9d8cef 68bdfdf7 aa716e43 539dc90f 0a050552 ffc87cdf

9de6d8f0 2066635f 285ba5a2 7c484ed4 72f9865c 7c8dc223 6fb994e0 7c034d7e

6f10acb5 5bbce145 13fb54dc 2e3171d4 8538357a 17532626 9502cb83 5c3c647f

449606b9 cde80190 cf01b570 ac5599ab e5a1d131 957b78a8 c104f456 e1c31c0d

a669c05a 6598489d 70ec45e0 d7bc0abc 64b473fe 3b841941 8eee4b2a c7aa4589

5fd8e6db 8b4c021a 4ac2c170 1d265cb8 8965f6e8 542e54cd 96e4a313 34f15c8d

e002aace 64c07059 8008f8c8 99c4ff90 67474f2a df607055 c876feb8 21b7439d

beccf8e8 3d04f088 631f7629 22014-05-27 13:51:43 [DEBUG]: pfkey.c:722:pk_sendgetspi(): pfkey GETSPI sent: ESP/Tunnel 0.0.0.0[500]->122.152.XXX.XX[500]

2014-05-27 13:51:43 [DEBUG]: isakmp.c:982:isakmp_handler(): ===

2014-05-27 13:51:43 [DEBUG]: isakmp.c:983:isakmp_handler(): 108 bytes message received from 175.184.XXX.XXX[500]

2014-05-27 13:51:43 [DEBUG]: isakmp.c:986:isakmp_handler():

145d0809 f142b7d7 e9f6b280 36b395b8 08102001 b940d104 0000006c e035bfe6

66896dce 6b209c1d 3da4b305 ca0d8dc0 4b42654f 0041f4ff e331c9a2 012bdb22

2d3e31cb 2df5ac4e 6105689c 77594d68 337e5796 65b4451b 445b9831 b8b2cf23

db5f8d75 a05d4cfc 3bb72e39

2014-05-27 13:51:43 [DEBUG]: oakley.c:3892:oakley_do_decrypt(): begin decryption.

2014-05-27 13:51:43 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: oakley.c:3906:oakley_do_decrypt(): IV was saved for next processing:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3908:oakley_do_decrypt():

b8b2cf23 db5f8d75 a05d4cfc 3bb72e39

2014-05-27 13:51:43 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: oakley.c:3931:oakley_do_decrypt(): with key:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3932:oakley_do_decrypt():

97ce00c8 5f714f8a a13a1bb9 9898eaf0 e204f110 4144f29b 52e58c88 c8b2597f

2014-05-27 13:51:43 [DEBUG]: oakley.c:3937:oakley_do_decrypt(): decrypted payload by IV:

2014-05-27 13:51:43 [DEBUG]: oakley.c:3938:oakley_do_decrypt():

964778c0 07b90c44 c71c1768 c01d78ef

2014-05-27 13:51:43 [DEBUG]: oakley.c:3940:oakley_do_decrypt(): decrypted payload, but not trimed.

2014-05-27 13:51:43 [DEBUG]: oakley.c:3942:oakley_do_decrypt():

00000044 93c5402c 8b2a6b1f de37531d 7f309941 7855f566 bd19d673 59c5ab81

fdd70412 68c21815 5dad5523 c70ff2d7 f06754f6 40561b18 2d67db16 5c5f8038

dcf1b337 00000000 00000000 00000000

2014-05-27 13:51:43 [DEBUG]: oakley.c:3951:oakley_do_decrypt(): padding len=0

2014-05-27 13:51:43 [DEBUG]: oakley.c:3982:oakley_do_decrypt(): decrypted.

2014-05-27 13:51:43 [DEBUG]: oakley.c:3983:oakley_do_decrypt():

145d0809 f142b7d7 e9f6b280 36b395b8 08102001 b940d104 0000006c 00000044

93c5402c 8b2a6b1f de37531d 7f309941 7855f566 bd19d673 59c5ab81 fdd70412

68c21815 5dad5523 c70ff2d7 f06754f6 40561b18 2d67db16 5c5f8038 dcf1b337

00000000 00000000 00000000

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2843:isakmp_parsewoh(): begin.

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2870:isakmp_parsewoh(): seen nptype=8(hash)

2014-05-27 13:51:43 [DEBUG]: ikev1.c:2909:isakmp_parsewoh(): succeed.

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1604:quick_r3recv(): HASH(3) validate:2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1605:quick_r3recv():

93c5402c 8b2a6b1f de37531d 7f309941 7855f566 bd19d673 59c5ab81 fdd70412

68c21815 5dad5523 c70ff2d7 f06754f6 40561b18 2d67db16 5c5f8038 dcf1b337

2014-05-27 13:51:43 [DEBUG]: oakley.c:642:oakley_compute_hash3(): HASH with:

2014-05-27 13:51:43 [DEBUG]: oakley.c:643:oakley_compute_hash3():

00b940d1 043eafd0 4d837cec 243ab9bf 0682cb0b 6fb8182c e4387286 ddcf384c

7b47b0c3 c5d609c7 f8

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: oakley.c:652:oakley_compute_hash3(): HASH computed:

2014-05-27 13:51:43 [DEBUG]: oakley.c:653:oakley_compute_hash3():

93c5402c 8b2a6b1f de37531d 7f309941 7855f566 bd19d673 59c5ab81 fdd70412

68c21815 5dad5523 c70ff2d7 f06754f6 40561b18 2d67db16 5c5f8038 dcf1b337

2014-05-27 13:51:43 [DEBUG]: ikev1.c:1136:quick_main(): ===

2014-05-27 13:51:43 [DEBUG]: oakley.c:407:oakley_compute_keymat_x(): KEYMAT compute with

2014-05-27 13:51:43 [DEBUG]: oakley.c:408:oakley_compute_keymat_x():

586c803e 8a25a3fc dbde67bf f9f3f8ca 11fcf226 b97ebdf6 2590f5f2 f2d77625

e0b8c508 e40ed2bb b2dc18bf 810b40fe a0f7372e fad257af 9704895c a75220a2

7336eb43 1fdcd664 f21313a2 086e2f09 2d964811 b8bed111 6a7b1ef7 dae68c35

417b4edf 822c9a13 306972b6 9d235d54 525bb6ea 336c3418 f9a02d4d a6961204

ffdfb139 ff7a94c1 5d50f1e5 54a3fedc 18c8a104 6230e567 90b4c0f2 211b4fd0

a383bb3f 26e210ae 4ce83f1c c9429ebe e5e40a2d 85a941dc 29277d7a 962be086

1ac59c78 8f6c87c5 f25cd40a 44e2624a fe10d6c2 5af2874e f5e1e821 5e48ab50

79b55a79 7c4a4558 c870c614 5059af27 1cf8d976 064bf229 8ca8ee02 01bc7db2

039fb94e 9a3eafd0 4d837cec 243ab9bf 0682cb0b 6fb8182c e4387286 ddcf384c

7b47b0c3 c5d609c7 f8

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:669:alg_ipsec_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:712:alg_ipsec_hmacdef(): hmac(null)

2014-05-27 13:51:43 [DEBUG]: oakley.c:440:oakley_compute_keymat_x(): encklen=256 authklen=512

2014-05-27 13:51:43 [DEBUG]: oakley.c:447:oakley_compute_keymat_x(): generating 1536 bits of key (dupkeymat=3)

2014-05-27 13:51:43 [DEBUG]: oakley.c:465:oakley_compute_keymat_x(): generating K1...K3 for KEYMAT.

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: oakley.c:526:oakley_compute_keymat_x():

615e859b e2851d1d 8fedb0ba 66ff111a 6d72bc32 216877c0 86f52832 c47404c9

8cccbcdc bf21309e d3f15f84 8ede06c4 b064ccfe f178d00d 5beac694 41a2625e

65152001 8663b589 19da562f 832670ea 3975fd07 96c681ad f6a61925 992feab9

45e73dd6 cb9b21d9 ef55e76d 88953bc7 7595134c ea97761d 77d1c50e 0ea0f67a

0f695343 39fd70e0 1f6557c7 16757e88 1566652e 235f5e89 c4f54827 56261c5a

e03a6aaa 22adc039 239c1ef4 bdee3a8b bad3c598 b8b0a01c f4c1f35d a545125e

2014-05-27 13:51:43 [DEBUG]: oakley.c:407:oakley_compute_keymat_x(): KEYMAT compute with

2014-05-27 13:51:43 [DEBUG]: oakley.c:408:oakley_compute_keymat_x():

586c803e 8a25a3fc dbde67bf f9f3f8ca 11fcf226 b97ebdf6 2590f5f2 f2d77625

e0b8c508 e40ed2bb b2dc18bf 810b40fe a0f7372e fad257af 9704895c a75220a2

7336eb43 1fdcd664 f21313a2 086e2f09 2d964811 b8bed111 6a7b1ef7 dae68c35

417b4edf 822c9a13 306972b6 9d235d54 525bb6ea 336c3418 f9a02d4d a6961204

ffdfb139 ff7a94c1 5d50f1e5 54a3fedc 18c8a104 6230e567 90b4c0f2 211b4fd0

a383bb3f 26e210ae 4ce83f1c c9429ebe e5e40a2d 85a941dc 29277d7a 962be086

1ac59c78 8f6c87c5 f25cd40a 44e2624a fe10d6c2 5af2874e f5e1e821 5e48ab50

79b55a79 7c4a4558 c870c614 5059af27 1cf8d976 064bf229 8ca8ee02 01bc7db2

03fdc7c4 b03eafd0 4d837cec 243ab9bf 0682cb0b 6fb8182c e4387286 ddcf384c

7b47b0c3 c5d609c7 f8

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:669:alg_ipsec_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:712:alg_ipsec_hmacdef(): hmac(null)

2014-05-27 13:51:43 [DEBUG]: oakley.c:440:oakley_compute_keymat_x(): encklen=256 authklen=512

2014-05-27 13:51:43 [DEBUG]: oakley.c:447:oakley_compute_keymat_x(): generating 1536 bits of key (dupkeymat=3)

2014-05-27 13:51:43 [DEBUG]: oakley.c:465:oakley_compute_keymat_x(): generating K1...K3 for KEYMAT.

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:43 [DEBUG]: oakley.c:526:oakley_compute_keymat_x():

51a89fb3 9abeaa15 90b5123f e344f5b8 aa6d4a60 60f53bce e80ae76d 86050c74

2c52d064 78498b47 c3569c37 84e0f59a e19af447 60357bdd 2533dadc e06508a5

3ad41e56 e83204a8 cb6fb021 972c46de 1fea8211 5de90b84 4cb1cb35 d38aa763

16216c20 e3a54b2e 93a2ae75 a9405da6 21b95dae f0a3e1ad bd2dc274 671cf9e0

3c357437 e0427c2a 1e045182 636d4138 1f559612 c53a07e3 7e3bc8d7 c69cbaee

2dd960a7 6ee4af35 85adc895 5f39bf63 163fd9e6 b3771a4c 12b5adb8 39102693

2014-05-27 13:51:43 [DEBUG]: oakley.c:335:oakley_compute_keymat(): KEYMAT computed.

2014-05-27 13:51:43 [PROTO_NOTIFY]: ikev1.c:2560:log_ph2established(): ====> PHASE-2 NEGOTIATION SUCCEEDED AS RESPONDER, (QUICK MODE) <====

====> Established SA: 122.152.XXX.XX[500]-175.184.XXX.XXX[500] message id:0xB940D104, SPI:0x9FB94E9A/0xFDC7C4B0 <====

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1824:quick_r3prep(): call pk_sendupdate

2014-05-27 13:51:43 [DEBUG]: algorithm.c:669:alg_ipsec_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:712:alg_ipsec_hmacdef(): hmac(null)

2014-05-27 13:51:43 [INFO]: ike_pfkey.c:339:sadb_log_add(): SADB_UPDATE ul_proto=255 src=175.184.XXX.XXX[500] dst=122.152.XXX.XX[500] satype=ESP samode=tunl spi=0x9FB94E9A authtype=SHA512 enctype=AES256 lifetime soft time=3600 bytes=4718

592000 hard time=3600 bytes=4718592000

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1829:quick_r3prep(): pfkey update sent.

2014-05-27 13:51:43 [DEBUG]: algorithm.c:669:alg_ipsec_encdef(): encryption(aes)

2014-05-27 13:51:43 [DEBUG]: algorithm.c:712:alg_ipsec_hmacdef(): hmac(null)

2014-05-27 13:51:43 [INFO]: ike_pfkey.c:339:sadb_log_add(): SADB_ADD ul_proto=255 src=122.152.XXX.XX[500] dst=175.184.XXX.XXX[500] satype=ESP samode=tunl spi=0xFDC7C4B0 authtype=SHA512 enctype=AES256 lifetime soft time=3600 bytes=4718592

000 hard time=3600 bytes=4718592000

2014-05-27 13:51:43.409 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keymirror_add

2014-05-27 13:51:43 [DEBUG]: pfkey.c:1182:ikev1_update_response(): pfkey UPDATE succeeded: ESP/Tunnel 175.184.XXX.XXX[500]->122.152.XXX.XX[500] spi=2679721626(0x9fb94e9a)

2014-05-27 13:51:43 [INFO]: pfkey.c:1187:ikev1_update_response(): IPsec-SA established: ESP/Tunnel 175.184.XXX.XXX[500]->122.152.XXX.XX[500] spi=2679721626(0x9fb94e9a)

2014-05-27 13:51:43 [PROTO_NOTIFY]: ikev1.c:2609:log_ipseckeyinstalled(): ====> IPSEC KEY INSTALLATION SUCCEEDED <====

====> Installed SA: 122.152.XXX.XX[500]-175.184.XXX.XXX[500] SPI:0x9FB94E9A/0xFDC7C4B0 lifetime 3600 Sec lifesize 4608000 KB <====

2014-05-27 13:51:43 [DEBUG]: isakmp_quick.c:1836:quick_r3prep(): pfkey add sent.

2014-05-27 13:51:43.415 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 4

2014-05-27 13:51:43.415 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keymirror_add

2014-05-27 13:51:43 [INFO]: keymgr_keymirror.c:83:ike_do_keymirror_add(): keymirror add start ++++++++++++++++

2014-05-27 13:51:43.415 +0200 debug: keymgr_keydb_insert(ikemgr/keymgr_db.c:108): keymgr: key insert called for tid:7

2014-05-27 13:51:43 [INFO]: keymgr_keymirror.c:87:ike_do_keymirror_add(): keymirror add for gw 6, tn 7, selfSPI 9FB94E9A, retcode 0.

2014-05-27 13:51:44.099 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keymirror_del

2014-05-27 13:51:44.100 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 5

2014-05-27 13:51:44.100 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keymirror_del

2014-05-27 13:51:44 [INFO]: keymgr_keymirror.c:125:ike_do_keymirror_del(): keymirror del start ----------------

2014-05-27 13:51:44 [INFO]: keymgr_keymirror.c:130:ike_do_keymirror_del(): keymirror del for gw 6, tn 7, selfSPI B255F30F, retcode 0.

2014-05-27 13:51:44 [DEBUG]: handler.c:1710:remove_ph2(): Deleting a Ph2... status 9

2014-05-27 13:51:44 [DEBUG]: oakley.c:3811:oakley_newiv2(): compute IV for phase2

2014-05-27 13:51:44 [DEBUG]: oakley.c:3812:oakley_newiv2(): phase1 last IV:

2014-05-27 13:51:44 [DEBUG]: oakley.c:3813:oakley_newiv2():

dfc5ede0 0f13942d fec6b0e9 c729bc43 f5deef46

2014-05-27 13:51:44 [DEBUG]: algorithm.c:386:alg_oakley_hashdef(): hash(sha512)

2014-05-27 13:51:44 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:44 [DEBUG]: oakley.c:3846:oakley_newiv2(): phase2 IV computed:

2014-05-27 13:51:44 [DEBUG]: oakley.c:3847:oakley_newiv2():

d9c2329e 16054b7a 9f6a8ed8 5d5be2e1

2014-05-27 13:51:44 [DEBUG]: oakley.c:698:oakley_compute_hash1(): HASH with:

2014-05-27 13:51:44 [DEBUG]: oakley.c:699:oakley_compute_hash1():

f5deef46 00000010 00000001 03040001 b255f30f

2014-05-27 13:51:44 [DEBUG]: algorithm.c:469:alg_oakley_hmacdef(): hmac(hmac_sha2_512)

2014-05-27 13:51:44 [DEBUG]: oakley.c:708:oakley_compute_hash1(): HASH computed:

2014-05-27 13:51:44 [DEBUG]: oakley.c:709:oakley_compute_hash1():

f59bfe8c 35a4b8a8 85e5035b 418e38ee d3e206f2 84bbd907 473b6b5c f59fdadd

c85d504f 920da931 d3476a75 ed46c4fb 76283738 c489ee91 18bc35a7 6ca181c5

2014-05-27 13:51:44 [DEBUG]: oakley.c:4017:oakley_do_encrypt(): begin encryption.

2014-05-27 13:51:44 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:44 [DEBUG]: oakley.c:4033:oakley_do_encrypt(): pad length = 12

2014-05-27 13:51:44 [DEBUG]: oakley.c:4063:oakley_do_encrypt():

0c000044 f59bfe8c 35a4b8a8 85e5035b 418e38ee d3e206f2 84bbd907 473b6b5c

f59fdadd c85d504f 920da931 d3476a75 ed46c4fb 76283738 c489ee91 18bc35a7

6ca181c5 00000010 00000001 03040001 b255f30f d7784e92 5c4e0226 b7bf140c

2014-05-27 13:51:44 [DEBUG]: algorithm.c:529:alg_oakley_encdef(): encryption(aes)

2014-05-27 13:51:44 [DEBUG]: oakley.c:4073:oakley_do_encrypt(): with key:

2014-05-27 13:51:44 [DEBUG]: oakley.c:4074:oakley_do_encrypt():

97ce00c8 5f714f8a a13a1bb9 9898eaf0 e204f110 4144f29b 52e58c88 c8b2597f

2014-05-27 13:51:44 [DEBUG]: oakley.c:4079:oakley_do_encrypt(): encrypted payload by IV:

2014-05-27 13:51:44 [DEBUG]: oakley.c:4080:oakley_do_encrypt():

d9c2329e 16054b7a 9f6a8ed8 5d5be2e1

2014-05-27 13:51:44 [DEBUG]: oakley.c:4086:oakley_do_encrypt(): save IV for next:

2014-05-27 13:51:44 [DEBUG]: oakley.c:4087:oakley_do_encrypt():

74bfc887 5f0b2df9 09bf2f66 6d6a60ed

2014-05-27 13:51:44 [DEBUG]: oakley.c:4103:oakley_do_encrypt(): encrypted.

2014-05-27 13:51:44 [DEBUG]: ikev1.c:2990:isakmp_send(): 124 bytes from 122.152.XXX.XX[500] to 175.184.XXX.XXX[500]

2014-05-27 13:51:44 [DEBUG]: sockmisc.c:336:sendfromto(): sockname 122.152.XXX.XX[500]

2014-05-27 13:51:44 [DEBUG]: sockmisc.c:338:sendfromto(): send packet from 122.152.XXX.XX[500]

2014-05-27 13:51:44 [DEBUG]: sockmisc.c:340:sendfromto(): send packet to 175.184.XXX.XXX[500]

2014-05-27 13:51:44 [DEBUG]: sockmisc.c:525:sendfromto(): 1 times of 124 bytes message will be sent to 175.184.XXX.XXX[500]

2014-05-27 13:51:44 [DEBUG]: sockmisc.c:529:sendfromto():

145d0809 f142b7d7 e9f6b280 36b395b8 08100501 f5deef46 0000007c 86fe2a98

fd597097 9fec3f35 df039276 d08f05a8 8e8c2b3f 2169016b 804ae135 b444b13e

fa29352c f073c9aa 8818a667 3d557186 bc0c8c29 bf420e7c f7a8acfe 8043f286

d1535c44 7e6d3b05 9303acd7 74bfc887 5f0b2df9 09bf2f66 6d6a60ed

2014-05-27 13:51:44 [DEBUG]: isakmp_inf.c:805:isakmp_info_send_common(): sendto Information delete.

2014-05-27 13:51:44 [DEBUG]: oakley.c:3871:oakley_delivm(): IV freed

2014-05-27 13:51:44 [PROTO_NOTIFY]: ikev1.c:2632:log_ipseckeydeleted(): ====> IPSEC KEY DELETED <====

====> Deleted SA: 122.152.XXX.XX[500]-175.184.XXX.XXX[500] SPI:0xB255F30F/0xFDAC699A <====

2014-05-27 13:51:44 [INFO]: ike_pfkey.c:446:sadb_delete(): SADB_DELETE ul_proto=0 src=122.152.XXX.XX[500] dst=175.184.XXX.XXX[500] satype=ESP spi=0xB255F30F

2014-05-27 13:51:44 [INFO]: ike_pfkey.c:693:sadb_delete_callback(): received PFKEY_DELETE seq=0 satype=ESP spi=0xB255F30F

2014-05-27 13:51:44 [DEBUG]: oakley.c:3871:oakley_delivm(): IV freed

2014-05-27 13:51:47.083 +0200 debug: ifmon_request_put(daemon/panike_sysd_if.c:916): 16 write to pipe: keyacquire

2014-05-27 13:51:47.083 +0200 debug: ifmon_request_get(daemon/panike_sysd_if.c:932): 16 read from pipe, msg type 3

2014-05-27 13:51:47.083 +0200 debug: pan_msg_process(daemon/panike_sysd_if.c:1030): request from pipe: keyacquire

2014-05-27 13:51:47 [DEBUG]: if_spmd.c:912:parserep_slid(): SLID ok: 250 Tunnel-to-MEL1A(Gateway-MEL1A)_out

2014-05-27 13:51:47 [INFO]: ikev1.c:710:ikev1_initiate(): 0:122.152.XXX.XX[0] - 0.0.0.0[0]:(nil):remote Gateway-MEL1A passive mode specified for IKEv1, dropping acquire request

thank you in advance.

Highlighted
L3 Networker

It looks like something sends the request to delete the SA:

2014-05-27 13:51:44 [DEBUG]: isakmp_inf.c:805:isakmp_info_send_common(): sendto Information delete. 


Could you try to capture the IKE packets with "debug ike pcap on"?


You can look into the file with "debug ike pcap view" or export it via tftp/scp and look into it wiht wireshark for more information.


How much traffic goes through the tunnel? The lifetime is pretty big but if someone sends an image or bigger files over the tunnel it could be the reason. Did you create the tunnel?

Highlighted
L4 Transporter

thx.

Yes I set it up.... but we have not much experience with cisco and paloalto tunnels... so help is required =)

Here are some outputs:

13:51:11.227051 IP 165.228.XXX.XXX.500 > 122.152.XXX.XX.500: isakmp: phase 2/others I inf

13:51:11.228118 IP 122.152.XXX.XX.500 > 165.228.XXX.XXX.500: isakmp: phase 2/others R inf

13:51:41.473616 IP 165.228.XXX.XXX.500 > 122.152.XXX.XX.500: isakmp: phase 2/others I inf

13:51:41.474677 IP 122.152.XXX.XX.500 > 165.228.XXX.XXX.500: isakmp: phase 2/others R inf

13:51:43.122819 IP 175.184.XXX.XXX.500 > 122.152.XXX.XX.500: isakmp: phase 2/others I oakley-quick

13:51:43.151751 IP 122.152.XXX.XX.500 > 175.184.XXX.XXX.500: isakmp: phase 2/others R oakley-quick

13:51:43.377068 IP 175.184.XXX.XXX.500 > 122.152.XXX.XX.500: isakmp: phase 2/others I oakley-quick

13:51:44.100986 IP 122.152.XXX.XX.500 > 175.184.XXX.XXX.500: isakmp: phase 2/others R inf

13:51:50.700915 IP 165.228.XXX.XXX.500 > 122.152.XXX.XX.500: isakmp: phase 2/others I inf

13:51:50.701992 IP 122.152.XXX.XX.500 > 165.228.XXX.XXX.500: isakmp: phase 2/others R inf

13:52:10.381501 IP 165.228.XXX.XXX.500 > 122.152.XXX.XX.500: isakmp: phase 2/others I inf

Searched in wirkeshark for "delete" :

5-27-2014 3-25-36 PM.png5-27-2014 3-23-23 PM.png5-27-2014 3-23-02 PM.png5-27-2014 3-21-47 PM.png

Highlighted
L3 Networker

Did you check again if every phase is the same on the paloalto and the cisco device?

The last time I saw this behavior it was a damaged SA on the cisco device which generated two SAs for the same subnets and after a time one was deleted. I would delete the lifesize of the phase 2 if it's not needed. Do you have access to both sides?

Highlighted
L4 Transporter

the lifesize at PaloAlto side is not set and at Cisco side also with:

crypto IPsec profile P1

set security-association lifetime kilobytes disable


Highlighted
L7 Applicator

Hello Hithead,

Could you please share SYSTEM logs from Palo Alto FW during that time. It will give us some indication here.

Thanks

Highlighted
L4 Transporter

5-28-2014 9-37-34 AM.png

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!