Thursday, September 24, 2020

VPN configuration debug sample

 
vpn1#
vpn1#show run
vpn1#show running-config
Building configuration...

Current configuration : 3994 bytes
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname vpn1
!
boot-start-marker
boot-end-marker
!
!
logging buffered 32768
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
no cdp log mismatch duplex
!
ip tcp synwait-time 5
!
!
crypto ikev2 proposal ikev2proposal
 encryption aes-cbc-256
 integrity sha256
 group 14
!
crypto ikev2 policy ikev2policy
 proposal ikev2proposal
!
crypto ikev2 keyring keys
 peer vpn2-router
  address 172.16.10.129
  pre-shared-key presharedkeyphrase
 !
!
!
crypto ikev2 profile ikev2profile
 match identity remote address 172.16.10.129 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local keys
!
!
!
crypto ipsec transform-set TS esp-aes esp-sha256-hmac
 mode tunnel
!
!
!
crypto map cmap 10 ipsec-isakmp
 set peer 172.16.10.129
 set transform-set TS
 set ikev2-profile ikev2profile
 match address cryptoacl
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 172.16.10.1 255.255.255.128
 duplex auto
 speed auto
 media-type rj45
 crypto map cmap
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 172.16.10.128 255.255.255.128 172.16.10.126
ip route 192.168.2.0 255.255.255.0 172.16.10.126
!
ip access-list extended cryptoacl
 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
!
ipv6 ioam timestamp
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end

vpn1#

 

 

vpn1#show crypto ikev2 sa
 IPv4 Crypto IKEv2  SA

Tunnel-id Local                 Remote                fvrf/ivrf            Status
1         172.16.10.1/500       172.16.10.129/500     none/none            READY
      Encr: AES-CBC, keysize: 256, PRF: SHA256, Hash: SHA256, DH Grp:14, Auth sign: PSK, Auth verify: PSK
      Life/Active Time: 86400/43 sec

 IPv6 Crypto IKEv2  SA

vpn1#
vpn1#
vpn1#show crypto ipsec sa

interface: GigabitEthernet0/0
    Crypto map tag: cmap, local addr 172.16.10.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   current_peer 172.16.10.129 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 4
    #pkts decaps: 4, #pkts decrypt: 4, #pkts verify: 4
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 172.16.10.1, remote crypto endpt.: 172.16.10.129
     plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
     current outbound spi: 0xE3B78ED3(3820457683)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0x2F4DBF90(793624464)
        transform: esp-aes esp-sha256-hmac ,
        in use settings ={Tunnel, }
        conn id: 2, flow_id: SW:2, sibling_flags 80000040, crypto map: cmap
        sa timing: remaining key lifetime (k/sec): (4313568/3553)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xE3B78ED3(3820457683)
        transform: esp-aes esp-sha256-hmac ,
        in use settings ={Tunnel, }
        conn id: 1, flow_id: SW:1, sibling_flags 80000040, crypto map: cmap
        sa timing: remaining key lifetime (k/sec): (4313568/3553)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE(ACTIVE)

     outbound ah sas:

     outbound pcp sas:
vpn1#

 

vpn1#clear crypto ikev2 sa
vpn1#
Payload contents:
 DELETE  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, num of spi: 0
 NOTIFY(DELETE_REASON)  Next payload: NONE, reserved: 0x0, length: 14
    Security protocol id: Unknown - 0, spi size: 0, type: DELETE_REASON

*Sep 24 12:13:34.725: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: INITIATOR Message id: 2, length: 96
Payload contents:
 ENCR  Next payload: DELETE, reserved: 0x0, length: 68

*Sep 24 12:13:34.744: [Delete SA] -> [Sibling 2F4DBF90]: message Message - Delete Sibling
vpn1#
vpn1#
vpn1#
vpn1#
*Sep 24 12:13:34.744: [Sibling 2F4DBF90]: message = Message - Delete Sibling
*Sep 24 12:13:34.745: [Sibling 2F4DBF90] -> [Ident 80000002]: message Message - Delete SA
*Sep 24 12:13:34.746: [Ident 80000002]: message = Message - Delete SA
*Sep 24 12:13:34.754: [Sibling 2F4DBF90] -> [Session]: message Message - Not In Use
*Sep 24 12:13:34.754: [Session]: message = Message - Not In Use
*Sep 24 12:13:34.761: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE Message id: 2, length: 80
Payload contents:

vpn1#
vpn1#
vpn1#
*Sep 24 12:13:45.600: [] -> [ACL cryptoacl]: message ACL notify RP
*Sep 24 12:13:45.601: [ACL cryptoacl]: message = ACL notify RP
*Sep 24 12:13:45.654: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 518
Payload contents:
 SA  Next payload: KE, reserved: 0x0, length: 48
  last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
 KE  Next payload: N, reserved: 0x0, length: 264
    DH group: 14, Reserved: 0x0
 N  Next payload: VID, reserved: 0x0, length: 36
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: VID, reserved: 0x0, length: 19
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: NOTIFY, reserved: 0x0, length: 21
 NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
 NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: NONE, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

*Sep 24 12:13:45.729: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE Message id: 0, length: 518
Payload contents:
 SA  Next payload: KE, reserved: 0x0, length: 48
  last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
 KE  Next payload: N, reserved: 0x0, length: 264
    DH group: 14, Reserved: 0x0
 N  Next payload: VID, reserved: 0x0, length: 36
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: VID, reserved: 0x0, length: 19
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: NOTIFY, reserved: 0x0, length: 21
 NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
 NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: NONE, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

Payload contents:
 VID  Next payload: IDi, reserved: 0x0, length: 20
 IDi  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0
 AUTH  Next payload: SA, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
 SA  Next payload: TSi, reserved: 0x0, length: 44
  last proposal: 0x0, reserved: 0x0, length: 40
  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 5, reserved: 0x0, id: Don't use ESN
 TSi  Next payload: TSr, reserved: 0x0, length: 40
    Num of TSs: 2, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.1.2, end addr: 192.168.1.2
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.1.0, end addr: 192.168.1.255
 TSr  Next payload: NOTIFY, reserved: 0x0, length: 40
    Num of TSs: 2, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.2.2, end addr: 192.168.2.2
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.2.0, end addr: 192.168.2.255
 NOTIFY(INITIAL_CONTACT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: INITIAL_CONTACT
 NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12
    Security protocol id: Unknown - 0, spi size: 0, type: SET_WINDOW_SIZE
 NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: ESP_TFC_NO_SUPPORT
 NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: NON_FIRST_FRAGS

*Sep 24 12:13:45.806: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 304
Payload contents:
 ENCR  Next payload: VID, reserved: 0x0, length: 276

*Sep 24 12:13:45.849: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 272
Payload contents:
 VID  Next payload: IDr, reserved: 0x0, length: 20
 IDr  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0
 AUTH  Next payload: SA, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
 SA  Next payload: TSi, reserved: 0x0, length: 44
  last proposal: 0x0, reserved: 0x0, length: 40
  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 5, reserved: 0x0, id: Don't use ESN
 TSi  Next payload: TSr, reserved: 0x0, length: 24
    Num of TSs: 1, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.1.0, end addr: 192.168.1.255
 TSr  Next payload: NOTIFY, reserved: 0x0, length: 24
    Num of TSs: 1, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.2.0, end addr: 192.168.2.255
 NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12
    Security protocol id: Unknown - 0, spi size: 0, type: SET_WINDOW_SIZE
 NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: ESP_TFC_NO_SUPPORT
 NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: NON_FIRST_FRAGS

*Sep 24 12:13:45.917: [] -> [SADB cmap:172.16.10.1]: message SADB root KMI message processing
*Sep 24 12:13:45.917: [SADB cmap:172.16.10.1]: message = SADB root KMI message processing
*Sep 24 12:13:45.918: [SADB cmap:172.16.10.1] -> [ACL cryptoacl]: message ACL KMI create SA
*Sep 24 12:13:45.918: [ACL cryptoacl]: message = ACL KMI create SA
*Sep 24 12:13:45.919: [ACL cryptoacl] -> [KMI Forward]: message Forward KMI message
*Sep 24 12:13:45.920: [KMI Forward]: message = Forward KMI message
*Sep 24 12:13:45.921: [KMI Forward] -> [Ident 80000002]: message Ping
*Sep 24 12:13:45.921: [Ident 80000002]: message = Ping
*Sep 24 12:13:45.921: [KMI Forward] -> [Ident 80000002]: message Message - Create SA
*Sep 24 12:13:45.922: [Ident 80000002]: message = Message - Create SA
*Sep 24 12:13:45.922: [Ident 80000002] -> [Session]: message Session Inserting Peer
*Sep 24 12:13:45.923: [Session]: message = Session Inserting Peer
*Sep 24 12:13:45.928: [Ident 80000002] -> [Sibling]: message Message - Create Inbound SA
*Sep 24 12:13:45.928: [Sibling]: message = Message - Create Inbound SA
*Sep 24 12:13:45.928: [Sibling] -> [Session]: message Message - In Use
*Sep 24 12:13:45.929: [Session]: message = Message - In Use
*Sep 24 12:13:45.934: IPSEC(MESSAGE): SADB_ROOT_SM (print_message_to_acl_state_machine) Sent MSG_ACL_CREATE_PTOP_SA message to ACL cryptoacl, static seqno 10 dynamic seqno 0
vpn1#
vpn1#


vpn1#show logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.



No Inactive Message Discriminator.


    Console logging: level debugging, 225 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 225 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled

No active filter modules.

    Trap logging: level informational, 31 message lines logged
        Logging Source-Interface:       VRF Name:

Log Buffer (32768 bytes):

*Mar  1 00:00:02.540: %ATA-6-DEV_FOUND: device 0x1F0
*Mar  1 00:00:09.279: %ATA-6-DEV_FOUND: device 0x1F1
*Mar  1 00:00:15.714: %NVRAM-5-CONFIG_NVRAM_READ_OK: NVRAM configuration 'flash:/nvram' was read from disk.
*Sep 24 11:57:07.007: %C3600-3-NOMAC: Can't allocate MAC address for interface 0/0
*Sep 24 11:57:07.238: %C3600-3-NOMAC: Can't allocate MAC address for interface 0/0
*Sep 24 11:57:10.331: %C3600-3-NOMAC: Can't allocate MAC address for interface 0/0
*Sep 24 11:57:23.719: %PA-3-PA_INIT_FAILED: Performance Agent failed to initialize (Missing Data License)
*Sep 24 11:57:35.984: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Sep 24 11:57:35.998: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
*Sep 24 11:57:36.005: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
*Sep 24 11:57:36.012: %LINK-3-UPDOWN: Interface GigabitEthernet0/3, changed state to down
*Sep 24 11:57:40.342: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
*Sep 24 11:57:40.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
*Sep 24 11:57:40.344: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
*Sep 24 11:57:40.346: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/3, changed state to down
*Sep 24 11:57:40.552: %SYS-5-LOG_CONFIG_CHANGE: Buffer logging: level debugging, xml disabled, filtering disabled, size (32768)
*Sep 24 11:57:41.767: %SYS-5-CONFIG_I: Configured from memory by console
*Sep 24 11:57:43.370: %SYS-5-RESTART: System restarted --
Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.7(3)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Wed 01-Aug-18 16:45 by prod_rel_team
*Sep 24 11:57:43.677: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
*Sep 24 11:57:43.681: %LINK-5-CHANGED: Interface GigabitEthernet0/3, changed state to administratively down
*Sep 24 11:57:43.861: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Sep 24 11:57:43.862: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Sep 24 11:57:43.870: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is ON
*Sep 24 11:57:48.500: %SYS-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (0/0),process = Crypto CA.
*Sep 24 11:57:50.500: %SYS-3-CPUHOG: Task is running for (4000)msecs, more than (2000)msecs (0/0),process = Crypto CA.
*Sep 24 11:57:52.969: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Startup Config Present)
*Sep 24 11:59:42.228: %PLATFORM-5-SIGNATURE_VERIFIED: Image 'flash0:/vios-adventerprisek9-m' passed code signing verification
Payload contents:
 DELETE  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: IKE, spi size: 0, num of spi: 0
 NOTIFY(DELETE_REASON)  Next payload: NONE, reserved: 0x0, length: 14
    Security protocol id: Unknown - 0, spi size: 0, type: DELETE_REASON

*Sep 24 12:13:34.725: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: INITIATOR Message id: 2, length: 96
Payload contents:
 ENCR  Next payload: DELETE, reserved: 0x0, length: 68

*Sep 24 12:13:34.744: [Delete SA] -> [Sibling 2F4DBF90]: message Message - Delete Sibling
*Sep 24 12:13:34.744: [Sibling 2F4DBF90]: message = Message - Delete Sibling
*Sep 24 12:13:34.745: [Sibling 2F4DBF90] -> [Ident 80000002]: message Message - Delete SA
*Sep 24 12:13:34.746: [Ident 80000002]: message = Message - Delete SA
*Sep 24 12:13:34.754: [Sibling 2F4DBF90] -> [Session]: message Message - Not In Use
*Sep 24 12:13:34.754: [Session]: message = Message - Not In Use
*Sep 24 12:13:34.761: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: INFORMATIONAL, flags: RESPONDER MSG-RESPONSE Message id: 2, length: 80
Payload contents:

*Sep 24 12:13:45.600: [] -> [ACL cryptoacl]: message ACL notify RP
*Sep 24 12:13:45.601: [ACL cryptoacl]: message = ACL notify RP
*Sep 24 12:13:45.654: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: INITIATOR Message id: 0, length: 518
Payload contents:
 SA  Next payload: KE, reserved: 0x0, length: 48
  last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
 KE  Next payload: N, reserved: 0x0, length: 264
    DH group: 14, Reserved: 0x0
 N  Next payload: VID, reserved: 0x0, length: 36
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: VID, reserved: 0x0, length: 19
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: NOTIFY, reserved: 0x0, length: 21
 NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
 NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: NONE, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

*Sep 24 12:13:45.729: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: SA, version: 2.0 Exchange type: IKE_SA_INIT, flags: RESPONDER MSG-RESPONSE Message id: 0, length: 518
Payload contents:
 SA  Next payload: KE, reserved: 0x0, length: 48
  last proposal: 0x0, reserved: 0x0, length: 44
  Proposal: 1, Protocol id: IKE, SPI size: 0, #trans: 4    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 2, reserved: 0x0, id: SHA256
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 4, reserved: 0x0, id: DH_GROUP_2048_MODP/Group 14
 KE  Next payload: N, reserved: 0x0, length: 264
    DH group: 14, Reserved: 0x0
 N  Next payload: VID, reserved: 0x0, length: 36
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: VID, reserved: 0x0, length: 19
 VID  Next payload: VID, reserved: 0x0, length: 23
 VID  Next payload: NOTIFY, reserved: 0x0, length: 21
 NOTIFY(NAT_DETECTION_SOURCE_IP)  Next payload: NOTIFY, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_SOURCE_IP
 NOTIFY(NAT_DETECTION_DESTINATION_IP)  Next payload: NONE, reserved: 0x0, length: 28
    Security protocol id: Unknown - 0, spi size: 0, type: NAT_DETECTION_DESTINATION_IP

Payload contents:
 VID  Next payload: IDi, reserved: 0x0, length: 20
 IDi  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0
 AUTH  Next payload: SA, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
 SA  Next payload: TSi, reserved: 0x0, length: 44
  last proposal: 0x0, reserved: 0x0, length: 40
  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 5, reserved: 0x0, id: Don't use ESN
 TSi  Next payload: TSr, reserved: 0x0, length: 40
    Num of TSs: 2, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.1.2, end addr: 192.168.1.2
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.1.0, end addr: 192.168.1.255
 TSr  Next payload: NOTIFY, reserved: 0x0, length: 40
    Num of TSs: 2, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 1, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.2.2, end addr: 192.168.2.2
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.2.0, end addr: 192.168.2.255
 NOTIFY(INITIAL_CONTACT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: INITIAL_CONTACT
 NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12
    Security protocol id: Unknown - 0, spi size: 0, type: SET_WINDOW_SIZE
 NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: ESP_TFC_NO_SUPPORT
 NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: NON_FIRST_FRAGS

*Sep 24 12:13:45.806: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: INITIATOR Message id: 1, length: 304
Payload contents:
 ENCR  Next payload: VID, reserved: 0x0, length: 276

*Sep 24 12:13:45.849: IKEv2-PAK:(SESSION ID = 1,SA ID = 1):Next payload: ENCR, version: 2.0 Exchange type: IKE_AUTH, flags: RESPONDER MSG-RESPONSE Message id: 1, length: 272
Payload contents:
 VID  Next payload: IDr, reserved: 0x0, length: 20
 IDr  Next payload: AUTH, reserved: 0x0, length: 12
    Id type: IPv4 address, Reserved: 0x0 0x0
 AUTH  Next payload: SA, reserved: 0x0, length: 40
    Auth method PSK, reserved: 0x0, reserved 0x0
 SA  Next payload: TSi, reserved: 0x0, length: 44
  last proposal: 0x0, reserved: 0x0, length: 40
  Proposal: 1, Protocol id: ESP, SPI size: 4, #trans: 3    last transform: 0x3, reserved: 0x0: length: 12
    type: 1, reserved: 0x0, id: AES-CBC
    last transform: 0x3, reserved: 0x0: length: 8
    type: 3, reserved: 0x0, id: SHA256
    last transform: 0x0, reserved: 0x0: length: 8
    type: 5, reserved: 0x0, id: Don't use ESN
 TSi  Next payload: TSr, reserved: 0x0, length: 24
    Num of TSs: 1, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.1.0, end addr: 192.168.1.255
 TSr  Next payload: NOTIFY, reserved: 0x0, length: 24
    Num of TSs: 1, reserved 0x0, reserved 0x0
    TS type: TS_IPV4_ADDR_RANGE, proto id: 0, length: 16
    start port: 0, end port: 65535
    start addr: 192.168.2.0, end addr: 192.168.2.255
 NOTIFY(SET_WINDOW_SIZE)  Next payload: NOTIFY, reserved: 0x0, length: 12
    Security protocol id: Unknown - 0, spi size: 0, type: SET_WINDOW_SIZE
 NOTIFY(ESP_TFC_NO_SUPPORT)  Next payload: NOTIFY, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: ESP_TFC_NO_SUPPORT
 NOTIFY(NON_FIRST_FRAGS)  Next payload: NONE, reserved: 0x0, length: 8
    Security protocol id: Unknown - 0, spi size: 0, type: NON_FIRST_FRAGS

*Sep 24 12:13:45.917: [] -> [SADB cmap:172.16.10.1]: message SADB root KMI message processing
*Sep 24 12:13:45.917: [SADB cmap:172.16.10.1]: message = SADB root KMI message processing
*Sep 24 12:13:45.918: [SADB cmap:172.16.10.1] -> [ACL cryptoacl]: message ACL KMI create SA
*Sep 24 12:13:45.918: [ACL cryptoacl]: message = ACL KMI create SA
*Sep 24 12:13:45.919: [ACL cryptoacl] -> [KMI Forward]: message Forward KMI message
*Sep 24 12:13:45.920: [KMI Forward]: message = Forward KMI message
*Sep 24 12:13:45.921: [KMI Forward] -> [Ident 80000002]: message Ping
*Sep 24 12:13:45.921: [Ident 80000002]: message = Ping
*Sep 24 12:13:45.921: [KMI Forward] -> [Ident 80000002]: message Message - Create SA
*Sep 24 12:13:45.922: [Ident 80000002]: message = Message - Create SA
*Sep 24 12:13:45.922: [Ident 80000002] -> [Session]: message Session Inserting Peer
*Sep 24 12:13:45.923: [Session]: message = Session Inserting Peer
*Sep 24 12:13:45.928: [Ident 80000002] -> [Sibling]: message Message - Create Inbound SA
*Sep 24 12:13:45.928: [Sibling]: message = Message - Create Inbound SA
*Sep 24 12:13:45.928: [Sibling] -> [Session]: message Message - In Use
*Sep 24 12:13:45.929: [Session]: message = Message - In Use
*Sep 24 12:13:45.934: IPSEC(MESSAGE): SADB_ROOT_SM (print_message_to_acl_state_machine) Sent MSG_ACL_CREATE_PTOP_SA message to ACL cryptoacl, static seqno 10 dynamic seqno 0
vpn1#