
普通的配置方法已经有很多人发帖了,这里不再重复。发debug。彩色字体部分详细的标识了VPN的建立过程,希望对大家排错有所帮助!* E, f; n4 J0 T
' b- n: Q! I- d
*Mar 1 04:05:04.103: ISAKMP: received ke message (1/1)
) `( x3 Z; h1 e5 B*Mar 1 04:05:04.103: ISAKMP (0:0): SA request profile is (NULL)
% k; e9 ~3 w0 I, n: k*Mar 1 04:05:04.103: ISAKMP: local port 500, remote port 500( Y' _1 v& Y/ C- k
*Mar 1 04:05:04.107: ISAKMP: set new node 0 to QM_IDLE
0 k+ a, X! F7 S3 U6 d2 {*Mar 1 04:05:04.107: ISAKMP: insert sa successfully sa = 82D88E8C4 n; [" o6 G/ P: z. H. ]
*Mar 1 04:05:04.107: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode.
" g3 `4 d5 B L*Mar 1 04:05:04.107: ISAKMP: Looking for a matching key for 202.100.2.1 in default : success7 M# w. @/ s+ r6 o
*Mar 1 04:05:04.107: ISAKMP (0:1): found peer pre-shared key matching 202.100.2.1- b( i, g, k( ]: o
*Mar 1 04:05:04.111: ISAKMP (0:1): constructed NAT-T vendor-07 ID, k j& O- N8 A. D0 n
*Mar 1 04:05:04.111: ISAKMP (0:1): constructed NAT-T vendor-03 ID, |2 U, e5 Y# Q0 G# H
*Mar 1 04:05:04.111: ISAKMP (0:1): constructed NAT-T vendor-02 ID- `5 q. v$ G" h% z. o: T! s6 v; J
*Mar 1 04:05:04.111: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM& ^! M# h1 Y; r. M
*Mar 1 04:05:04.111: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1 2 e5 z4 E$ }0 G0 A$ V. k
6 W$ V( G, b# V! x" @*Mar 1 04:05:04.111: ISAKMP (0:1): beginning Main Mode exchange9 M# k5 C- K! U3 K
*Mar 1 04:05:04.115: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) MM_NO_STATE
" `$ R3 D: p) h* `8 {6 A*Mar 1 04:05:04.***: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_NO_STATE*Mar 1 04:05:04.428: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH- N3 d5 s2 I& M' I* r8 e: e
*Mar 1 04:05:04.428: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2
, c: W# ?% \ a" c0 R' K. E$ G0 e
*Mar 1 04:05:04.428: ISAKMP (0:1): processing SA payload. message ID = 06 S- I- U; r4 A1 O3 g
*Mar 1 04:05:04..!!!!
/ P+ X: _# K4 }9 E# ^! b: QSuccess rate is 80 percent (4/5), round-trip min/avg/max = 8/9/12 ms/ P( O0 z6 X* F% j( v/ L! d
r1#428: ISAKMP (0:1): processing vendor id payload
8 V4 M5 _4 z; c9 u2 O8 V, P4 @*Mar 1 04:05:04.432: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch
+ _( |3 O) \/ z) e# J. E3 f*Mar 1 04:05:04.432: ISAKMP (0:1): vendor ID is NAT-T v7
2 o: S7 r5 a' X& u7 q*Mar 1 04:05:04.432: ISAKMP: Looking for a matching key for 202.100.2.1 in default : success
% ?) z: h$ z* w5 ~& |: h1 o8 k+ m$ s*Mar 1 04:05:04.432: ISAKMP (0:1): found peer pre-shared key matching 202.100.2.1+ C% r$ V# ^2 S8 |
*Mar 1 04:05:04.432: ISAKMP (0:1) local preshared key found
' H! w1 B7 ]6 b' L*Mar 1 04:05:04.432: ISAKMP : Scanning profiles for xauth ...
: x: ` V+ X/ R# X; O; H% w*Mar 1 04:05:04.432: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 10 policy, |2 f0 P( d6 S+ _6 P' G( k1 R
*Mar 1 04:05:04.436: ISAKMP: encryption 3DES-CBC
! } [# O5 W+ ~7 c* l+ j; j*Mar 1 04:05:04.436: ISAKMP: hash MD5
: {9 `0 B2 [: q4 n5 F. U*Mar 1 04:05:04.436: ISAKMP: default group 2 O$ O2 Q3 b, r3 W! Z# b* v, p4 C% R
*Mar 1 04:05:04.436: ISAKMP: auth pre-share; F) ?; C. F* }" R$ {4 i
*Mar 1 04:05:04.436: ISAKMP: life type in seconds
* E2 N1 l7 k% ~4 Y: @5 [* z' b' ~& J*Mar 1 04:05:04.436: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
( I3 c! N1 I% S, x, `3 b*Mar 1 04:05:04.436: ISAKMP (0:1): atts are acceptable. Next payload is 0
* N9 U4 ^* y3 B5 G*Mar 1 04:05:04.712: ISAKMP (0:1): processing vendor id payload; y: _; c' @4 n- [
*Mar 1 04:05:04.712: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch
$ H8 A M9 M/ A& h*Mar 1 04:05:04.712: ISAKMP (0:1): vendor ID is NAT-T v7; V; [- ]) C, v/ @5 T2 u$ G
*Mar 1 04:05:04.712: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE5 B: y: v/ \( m4 k
*Mar 1 04:05:04.716: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2 * Z4 `$ b8 d8 {& s6 h! o! p
3 a/ ?, Y8 f4 N; `* z
*Mar 1 04:05:04.732: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
% Y: T; U, x1 N( @3 u8 Y3 e" e( @*Mar 1 04:05:04.732: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
; {' x9 }, o5 O( Z/ R- i# K*Mar 1 04:05:04.732: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3 % s7 x2 c) H1 W; m' f' y
, G2 ?$ I& l% R
*Mar 1 04:05:05.113: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_SA_SETUP*Mar 1 04:05:05.117: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH! b3 h6 o$ N2 b7 P0 B+ N& Z
*Mar 1 04:05:05.117: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4 / n- p1 H3 d6 Z+ ^
6 _1 ^3 ?+ A- d2 T3 B: L5 S2 C6 y*Mar 1 04:05:05.121: ISAKMP (0:1): processing KE payload. message ID = 00 P6 |5 m1 M0 F- x3 G
*Mar 1 04:05:05.458: ISAKMP (0:1): processing NONCE payload. message ID = 0*Mar 1 04:05:05.462: ISAKMP: Looking for a matching key for 202.100.2.1 in default : success" w0 {! H6 n' @+ d" `) D* l/ _
*Mar 1 04:05:05.462: ISAKMP (0:1): found peer pre-shared key matching 202.100.2.13 r( a8 O7 |2 G$ X n: d `
*Mar 1 04:05:05.466: ISAKMP (0:1): SKEYID state generated
1 O+ s# }- k, E/ N: c*Mar 1 04:05:05.466: ISAKMP (0:1): processing vendor id payload
2 M2 i" S% ^; A$ U4 A*Mar 1 04:05:05.466: ISAKMP (0:1): vendor ID is Unity2 \4 J/ T, _# X4 _& \- l
*Mar 1 04:05:05.466: ISAKMP (0:1): processing vendor id payload
/ v, ]9 o/ u4 B, Z4 I, u3 Z*Mar 1 04:05:05.466: ISAKMP (0:1): vendor ID is DPD
. E& a7 w: @( w*Mar 1 04:05:05.470: ISAKMP (0:1): processing vendor id payload. }1 O# T, L p2 G
*Mar 1 04:05:05.470: ISAKMP (0:1): speaking to another IOS box!% P* Y" ?8 T/ K& W
*Mar 1 04:05:05.470: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
q5 ^; x# D- C$ Y- U3 w*Mar 1 04:05:05.470: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM4
9 D* `3 @% }. M- P O
1 ^, }3 T9 s# |' ~*Mar 1 04:05:05.474: ISAKMP (0:1): Send initial contact3 n& V; z: U$ e
*Mar 1 04:05:05.474: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR) h: J. v1 d2 }9 l9 R3 s
*Mar 1 04:05:05.474: ISAKMP (0:1): ID payload 2 F+ ~" Z; i* _7 J' h# I% H1 \1 J: M
next-payload : 8
; G2 ^- \! h! a4 f3 Z( b type : 1
& o: E$ }, G& c# W address : 202.100.1.1 + [. w8 n# Q. e+ Z7 Y
protocol : 17 ( C& y$ M$ L% L
port : 500
2 u& `# {. z) u( @. J) K5 v length : 12
8 ?, D1 t2 f4 [" c" s*Mar 1 04:05:05.478: ISAKMP (1): Total payload length: 125 U3 u5 M; @+ |$ f
*Mar 1 04:05:05.478: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH" x0 Y* }4 U, G3 U' J, X
*Mar 1 04:05:05.482: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
) n$ [" X6 t: z*Mar 1 04:05:05.482: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5 0 s2 W3 c' A c
- n6 k% N% X" t" a' B5 w d
*Mar 1 04:05:05.522: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_KEY_EXCH*Mar 1 04:05:05.526: ISAKMP (0:1): processing ID payload. message ID = 0
H% q* M g7 ?*Mar 1 04:05:05.526: ISAKMP (0:1): ID payload
7 l' b. V! N( m next-payload : 8" O+ I2 y: g* D. R8 n* ]2 c: ]) D
type : 1
, V/ X1 E: z( U) W! ?, i6 B address : 202.100.2.1 4 d2 h6 N# k- j; G2 I
protocol : 17
4 E! r( \5 k) H, F& \/ l port : 500
- M) o5 O/ S0 o length : 12
; {! z$ _7 Z; x/ A*Mar 1 04:05:05.530: ISAKMP (0:1): processing HASH payload. message ID = 0) J. [" d2 O( ^) @6 u" ?
*Mar 1 04:05:05.530: ISAKMP (0:1): SA authentication status:
. S `# m/ X5 T, r6 r authenticated# O$ g5 _1 [" M9 P# S
*Mar 1 04:05:05.530: ISAKMP (0:1): SA has been authenticated with 202.100.2.1( `% S* N5 Z8 \* S6 J$ Z- e' f8 C
*Mar 1 04:05:05.530: ISAKMP (0:1): peer matches *none* of the profiles& @( ?, e0 v/ W
*Mar 1 04:05:05.530: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
5 B) `4 T/ k- k* @* m) ^1 _*Mar 1 04:05:05.534: ISAKMP (0:1): Old State = IKE_I_MM5 New State = IKE_I_MM6
4 ]+ V4 I! q% h: e$ ^ g2 ^8 g
( a0 k3 a d: {7 Z9 a$ V*Mar 1 04:05:05.534: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
0 I2 K/ r4 c7 q( }6 U2 \# h* |*Mar 1 04:05:05.534: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_I_MM6
7 J/ c9 t4 |3 Q" ~+ e8 `2 ?+ c# T9 ]5 G: L; e- I# k" s: k Y7 X& a
*Mar 1 04:05:05.538: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE1 ~; E2 E7 }6 c& t1 V' c
*Mar 1 04:05:05.538: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE 8 k y1 J2 T9 T# j* j t
9 S) m! x) K* }; l* h2 `
*Mar 1 04:05:05.542: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_KEY_EXCH8 M( M e% V% `# y0 F6 i5 G
*Mar 1 04:05:05.542: ISAKMP: set new node 2146831297 to QM_IDLE 1 `! f# ~9 Z7 S2 t
*Mar 1 04:05:05.546: ISAKMP (0:1): processing HASH payload. message ID = 2146831297
W( B( ?. n% z+ @5 I% d*Mar 1 04:05:05.546: ISAKMP (0:1): processing DELETE payload. message ID = 2146831297
( q& b8 N& o# W. m- n' A*Mar 1 04:05:05.546: ISAKMP (0:1): peer does not do paranoid keepalives.
; Z+ N- F( @; ~' U3 p+ y5 Q2 Z. w: V( M+ Q. D
*Mar 1 04:05:05.546: ISAKMP (0:1): deleting node 2146831297 error FALSE reason "informational (in) state 1"3 S: k( w y0 q
*Mar 1 04:05:05.550: ISAKMP (0:1): beginning Quick Mode exchange, M-ID of 1272987518
7 e; k! S, \7 _*Mar 1 04:05:05.550: IPSEC(key_engine): got a queue event...3 k" P4 e1 e7 P4 B R0 M, w
*Mar 1 04:05:05.550: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP
5 @1 C T: Y6 M6 |. W* c& _*Mar 1 04:05:05.554: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) QM_IDLE ) h5 x( F! [6 n* Y0 Y4 w( B
*Mar 1 04:05:05.558: ISAKMP (0:1): Node 1272987518, Input = IKE_MESG_INTERNAL, IKE_INIT_QM h2 i5 e' e' Q" L
*Mar 1 04:05:05.558: ISAKMP (0:1): Old State = IKE_QM_READY New State = IKE_QM_I_QM1 c9 F. Z3 G9 k
*Mar 1 04:05:05.558: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE# G1 [+ G! Y4 a/ I' _3 h. ~
*Mar 1 04:05:05.558: ISAKMP (0:1): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
5 k0 _* w+ Y& S# l* Z# B7 l
5 a1 r: w) d, H+ Z*Mar 1 04:05:05.846: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE
/ ^$ O8 N5 n. b7 [, [*Mar 1 04:05:05.850: ISAKMP (0:1): processing HASH payload. message ID = 1272987518
! D" t! w" W4 |+ o*Mar 1 04:05:05.854: ISAKMP (0:1): processing SA payload. message ID = 1272987518
0 m6 U3 L! z7 L8 R: J5 }*Mar 1 04:05:05.854: ISAKMP (0:1): Checking IPSec proposal 1
( P* r& O1 e" I F, I( ~1 K*Mar 1 04:05:05.854: ISAKMP: transform 1, ESP_DES, |3 J' c' a" b
*Mar 1 04:05:05.854: ISAKMP: attributes in transform:; l% Y+ z8 T; ]3 k ~# w2 c, H
*Mar 1 04:05:05.854: ISAKMP: encaps is 1 (Tunnel)
' x ~. U* X" u4 `*Mar 1 04:05:05.854: ISAKMP: SA life type in seconds
: m; {# Y0 G0 e$ D*Mar 1 04:05:05.854: ISAKMP: SA life duration (basic) of 3600
% N! @# p- F0 G$ ^*Mar 1 04:05:05.854: ISAKMP: SA life type in kilobytes* I; T8 M* N7 N; _
*Mar 1 04:05:05.854: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 0 k/ p4 y0 h2 i9 w7 c
*Mar 1 04:05:05.858: ISAKMP: authenticator is HMAC-MD5/ S* N# Q9 u& r" w+ v0 @
*Mar 1 04:05:05.858: ISAKMP (0:1): atts are acceptable.
. \$ z; S( t- C* O; m*Mar 1 04:05:05.858: IPSEC(validate_proposal_request): proposal part #1,
* U1 z% ?# h0 x+ ?7 E' o; w% n3 f1 z (key eng. msg.) INBOUND local= 202.100.1.1, remote= 202.100.2.1,
/ C/ \! E ~# [1 z local_proxy= 1.1.1.1/255.255.255.255/0/0 (type=1), / o( J" B6 R% f( H8 H0 ^
remote_proxy= 2.2.2.2/255.255.255.255/0/0 (type=1),0 F6 D6 a Q% `) V0 k: C8 U4 o
protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel), 7 I- N2 N" X n1 `/ j
lifedur= 0s and 0kb, 2 d) }( a4 k3 ]9 ^# q
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
, W# h. j3 s3 ]- @*Mar 1 04:05:05.862: IPSEC(kei_proxy): head = wolf, map->ivrf = , kei->ivrf =
+ G+ O2 d) j! `9 u0 d*Mar 1 04:05:05.862: ISAKMP (0:1): processing NONCE payload. message ID = 1272987518
, k3 u i$ b8 i7 R8 V5 u. ~*Mar 1 04:05:05.862: ISAKMP (0:1): processing ID payload. message ID = 1272987518! u, W0 G/ ?5 s4 q
*Mar 1 04:05:05.866: ISAKMP (0:1): processing ID payload. message ID = 1272987518
1 Y: T0 T# t8 N. C. p4 S" b- w*Mar 1 04:05:05.870: ISAKMP (0:1): Creating IPSec SAs
/ r$ p6 e% x, K3 n9 k7 l& P( M*Mar 1 04:05:05.870: inbound SA from 202.100.2.1 to 202.100.1.1 (f/i) 0/ 06 U4 r/ a- ~4 }8 p
(proxy 2.2.2.2 to 1.1.1.1)
3 A2 f. S6 m% x* I; v3 e*Mar 1 04:05:05.874: has spi 0x8DFEAD8F and conn_id 2000 and flags 22 F( B7 d) T7 g/ s
*Mar 1 04:05:05.874: lifetime of 3600 seconds4 @, @4 K2 c9 h L
*Mar 1 04:05:05.874: lifetime of 4608000 kilobytes/ W% l7 k+ @8 Q* M/ S
*Mar 1 04:05:05.874: has client flags 0x0
7 t2 O( j$ H) W# M7 S3 T1 [*Mar 1 04:05:05.874: outbound SA from 202.100.1.1 to 202.100.2.1 (f/i) 0/ 0 (proxy 1.1.1.1 to 2.2.2.2 )
+ `5 y1 n3 d' U% _$ j) O*Mar 1 04:05:05.874: has spi 722357331 and conn_id 2001 and flags A
- X' J. n* z& _*Mar 1 04:05:05.874: lifetime of 3600 seconds! R2 h. D7 `. t1 _& b* R0 `
*Mar 1 04:05:05.874: lifetime of 4608000 kilobytes& ?" @: i( ?$ N2 h9 n7 M0 ?
*Mar 1 04:05:05.878: has client flags 0x0
& W4 X' H+ Z; l2 {, w% G4 ^*Mar 1 04:05:05.878: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) QM_IDLE 2 S* Z3 B3 ^6 c$ a1 j
*Mar 1 04:05:05.878: ISAKMP (0:1): deleting node 1272987518 error FALSE reason ""
( w$ m' V% q! n! y: s. h7 W2 O*Mar 1 04:05:05.878: ISAKMP (0:1): Node 1272987518, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
, p4 f4 U, j6 R! v# Z" N*Mar 1 04:05:05.878: ISAKMP (0:1): Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE( n$ S6 V% r& ~) @# L) K7 M
*Mar 1 04:05:05.882: IPSEC(key_engine): got a queue event...
. A5 v' g/ _' p1 ]& k2 c% F) k*Mar 1 04:05:05.882: IPSEC(initialize_sas): ,% V$ z6 e7 q. p
(key eng. msg.) INBOUND local= 202.100.1.1, remote= 202.100.2.1,
: _; o7 }1 O4 E L, I9 K* s local_proxy= 1.1.1.1/0.0.0.0/0/0 (type=1),
L' ?" c7 ?/ |0 y remote_proxy= 2.2.2.2/0.0.0.0/0/0 (type=1),
1 F8 B& z5 S: x8 \ protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),
# ]0 m( I" B* b lifedur= 3600s and 4608000kb, 5 W3 O3 z1 V+ I8 G! X* K
spi= 0x8DFEAD8F(2382278031), conn_id= 2000, keysize= 0, flags= 0x2* ?( Y G/ F1 W* X6 v: W( g
*Mar 1 04:05:05.886: IPSEC(initialize_sas): ,
3 L. j" V9 i0 [9 O% l# X ~% g8 v( o (key eng. msg.) OUTBOUND local= 202.100.1.1, remote= 202.100.2.1, 2 a" t& T9 P S, e1 C
local_proxy= 1.1.1.1/0.0.0.0/0/0 (type=1),
) I9 L! x- u; G: m remote_proxy= 2.2.2.2/0.0.0.0/0/0 (type=1),
% U5 x. b* N! k2 P! D( X" ^( P protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel), : b b% }6 A* ~+ ?% z `; G
lifedur= 3600s and 4608000kb,
" d* A) @3 G+ i5 N spi= 0x2B0E4C53(722357331), conn_id= 2001, keysize= 0, flags= 0xA
* a! w' f# W2 ^+ ~" [+ }2 e% {9 k8 C*Mar 1 04:05:05.886: IPSEC(kei_proxy): head = wolf, map->ivrf = , kei->ivrf =
, u5 ~9 s/ C3 r9 A/ b*Mar 1 04:05:05.890: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 202.100.2.13 d1 ?- l8 }4 x/ d/ s3 M4 a8 t
*Mar 1 04:05:05.890: IPSEC(add mtree): src 1.1.1.1, dest 2.2.2.2, dest_port 0
h# V9 o* M& d3 |/ o
* d4 M1 _+ A8 G# @- } k*Mar 1 04:05:05.890: IPSEC(create_sa): sa created,
4 A0 n2 k- y# R1 ^3 ^- @ (sa) sa_dest= 202.100.1.1, sa_prot= 50,
+ a! p$ o, W3 ~+ x+ u( S sa_spi= 0x8DFEAD8F(2382278031),
, f7 g- l; ~" q: h; z5 H sa_trans= esp-des esp-md5-hmac , sa_conn_id= 20002 {- P+ @ L3 f' j1 U6 J
*Mar 1 04:05:05.890: IPSEC(create_sa): sa created,
1 L, v) |- I, h+ i' a/ _) |/ t7 S! m (sa) sa_dest= 202.100.2.1, sa_prot= 50, - G6 }1 t z9 Z% I8 o3 f4 S: U. |5 M
sa_spi= 0x2B0E4C53(722357331),
3 q" b- ]# H; G9 Z sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2001
0 [8 d. g8 k( u3 v*Mar 1 04:05:15.530: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE
5 s0 V3 y4 [7 p& Z*Mar 1 04:05:15.530: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.
, y& R. F1 a7 |1 I*Mar 1 04:05:15.534: ISAKMP (0:1): retransmitting due to retransmit phase 2
0 X& G1 z! A( |9 K: |$ J. ~*Mar 1 04:05:15.534: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297
* U9 E! J- O9 s, A*Mar 1 04:05:25.530: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE ) V0 r3 m* q2 t( ?. j; I/ W
*Mar 1 04:05:25.530: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.5 b; e2 P' i9 S. O. P
*Mar 1 04:05:25.530: ISAKMP (0:1): retransmitting due to retransmit phase 2
+ _: ~- y* Y ~7 T1 r6 J! u*Mar 1 04:05:25.534: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297
8 t" j5 j7 G: `, X*Mar 1 04:05:35.531: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE H [- g- z6 k. r( G" z
*Mar 1 04:05:35.535: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.9 _# Q4 @+ z7 `; E, ^- v& w9 P
*Mar 1 04:05:35.535: ISAKMP (0:1): retransmitting due to retransmit phase 2
8 S# f# J5 e, E5 V' u5 C6 {, O8 [*Mar 1 04:05:35.535: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297
; D. ^. H: e; k# ^: I! O! A7 M8 H# [*Mar 1 04:05:45.531: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE
, D2 B& p, r8 a: P% f! Z*Mar 1 04:05:45.531: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.- R; e, ] m/ R- p7 l
*Mar 1 04:05:45.535: ISAKMP (0:1): retransmitting due to retransmit phase 22 q" f3 _: n0 o/ R; a& Q
*Mar 1 04:05:45.535: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297
, q: |5 D- D* x; [1 g ^8 xr1# |
|