Static IPSec VPN Log

Posted on October 4, 2007. Filed under: IPsec, VPN |

VR-1#sh logging
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 511 messages logged
Logging Exception size (8192 bytes)
Trap logging: level informational, 50 message lines logged

Log Buffer (8192 bytes):
nsform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xDC8979B2(3699997106), conn_id= 0, keysize= 0, flags= 0x4004
21:52:21: IPSEC(sa_request): ,
(key eng. msg.) src= 202.53.253.6, dest= 202.53.253.3,
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x294B91C6(692818374), conn_id= 0, keysize= 0, flags= 0x4004


 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ISAKMP SA States for IKE Main Mode SA Negotiation
IKE SA State (MainMode) Description
MM_NO_STATE
The ISAKMP SA has been created, but nothing else has happened yet. It is “larval” at this stage—there is no state.
MM_SA_SETUP
The peers have agreed on parameters for the ISAKMP SA.
MM_KEY_EXCH
The peers have exchanged Diffie-Hellman public keys and have generated a shared secret. The ISAKMP SA remains unauthenticated.
MM_KEY_AUTH
The ISAKMP SA has been authenticated. If the router initiated this exchange, this state transitions immediately to QM_IDLE, and a Quick Mode exchange begins.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

21:52:21: ISAKMP: received ke message (1/2)
21:52:21: ISAKMP: local port 500, remote port 500
21:52:21: ISAKMP (0:1): beginning Main Mode exchange
21:52:21: ISAKMP (0:1): sending packet to 202.53.253.3 (I) MM_NO_STATE
21:52:21: ISAKMP (0:1): received packet from 202.53.253.3 (I) MM_NO_STATE
21:52:21: ISAKMP (0:1): processing SA payload. message ID = 0
21:52:21: ISAKMP (0:1): found peer pre-shared key matching 202.53.253.3
21:52:21: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 1 policy
21:52:21: ISAKMP: encryption DES-CBC
21:52:21: ISAKMP: hash SHA
21:52:21: ISAKMP: default group 1
21:52:21: ISAKMP: auth pre-share
21:52:21: ISAKMP: life type in seconds
21:52:21: ISAKMP: life duration (basic) of 3600
21:52:21: ISAKMP (0:1): atts are acceptable. Next payload is 0
21:52:22: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
21:52:22: ISAKMP (0:1): sending packet to 202.53.253.3 (I) MM_SA_SETUP
21:52:22: ISAKMP (0:1): received packet from 202.53.253.3 (I) MM_SA_SETUP
21:52:22: ISAKMP (0:1): processing KE payload. message ID = 0
21:52:22: ISAKMP (0:1): processing NONCE payload. message ID = 0
21:52:22: ISAKMP (0:1): found peer pre-shared key matching 202.53.253.3
21:52:22: ISAKMP (0:1): SKEYID state generated
21:52:22: ISAKMP (0:1): processing vendor id payload
21:52:22: ISAKMP (0:1): speaking to another IOS box!
21:52:22: ISAKMP (1): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
21:52:22: ISAKMP (1): Total payload length: 12
21:52:22: ISAKMP (0:1): sending packet to 202.53.253.3 (I) MM_KEY_EXCH
21:52:22: ISAKMP (0:1): received packet from 202.53.253.3 (I) MM_KEY_EXCH
21:52:22: ISAKMP (0:1): processing ID payload. message ID = 0
21:52:22: ISAKMP (0:1): processing HASH payload. message ID = 0
21:52:22: ISAKMP (0:1): SA has been authenticated with 202.53.253.3
21:52:22: ISAKMP (0:1): beginning Quick Mode exchange, M-ID of -1716511074
21:52:22: ISAKMP (0:1): sending packet to 202.53.253.3 (I) QM_IDLE
21:52:22: ISAKMP (0:1): received packet from 202.53.253.3 (I) QM_IDLE
21:52:22: ISAKMP (0:1): processing HASH payload. message ID = -1716511074
21:52:22: ISAKMP (0:1): processing SA payload. message ID = -1716511074
21:52:22: ISAKMP (0:1): Checking IPSec proposal 1
21:52:22: ISAKMP: transform 1, AH_MD5
21:52:22: ISAKMP: attributes in transform:
21:52:22: ISAKMP: encaps is 1
21:52:22: ISAKMP: SA life type in seconds
21:52:22: ISAKMP: SA life duration (basic) of 3600
21:52:22: ISAKMP: SA life type in kilobytes
21:52:22: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
21:52:22: ISAKMP: authenticator is HMAC-MD5
21:52:22: ISAKMP (0:1): atts are acceptable.
21:52:22: ISAKMP (0:1): Checking IPSec proposal 1
21:52:22: ISAKMP: transform 1, ESP_DES
21:52:22: ISAKMP: attributes in transform:
21:52:22: ISAKMP: encaps is 1
21:52:22: ISAKMP: SA life type in seconds
21:52:22: ISAKMP: SA life duration (basic) of 3600
21:52:22: ISAKMP: SA life type in kilobytes
21:52:22: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
21:52:22: ISAKMP: authenticator is HMAC-MD5
21:52:22: ISAKMP (0:1): atts are acceptable.
21:52:22: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.6,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
21:52:22: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.6,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
21:52:22: ISAKMP (0:1): processing NONCE payload. message ID = -1716511074
21:52:22: ISAKMP (0:1): processing ID payload. message ID = -1716511074
21:52:22: ISAKMP (0:1): processing ID payload. message ID = -1716511074
21:52:22: ISAKMP (0:1): Creating IPSec SAs
21:52:22: inbound SA from 202.53.253.3 to 202.53.253.6
(proxy 172.16.10.0 to 192.168.1.0)
21:52:22: has spi 0xDC8979B2 and conn_id 2000 and flags 4
21:52:22: lifetime of 3600 seconds
21:52:22: lifetime of 4608000 kilobytes
21:52:22: outbound SA from 202.53.253.6 to 202.53.253.3 (proxy 192.168.1.0 to 172.16.10.0 )
21:52:22: has spi -751108025 and conn_id 2001 and flags 4
21:52:22: lifetime of 3600 seconds
21:52:22: lifetime of 4608000 kilobytes
21:52:22: ISAKMP (0:1): Creating IPSec SAs
21:52:22: inbound SA from 202.53.253.3 to 202.53.253.6
(proxy 172.16.10.0 to 192.168.1.0)
21:52:22: has spi 0x294B91C6 and conn_id 2002 and flags 4
21:52:22: lifetime of 3600 seconds
21:52:22: lifetime of 4608000 kilobytes
21:52:22: outbound SA from 202.53.253.6 to 202.53.253.3 (proxy 192.168.1.0 to 172.16.10.0 )
21:52:22: has spi 296895138 and conn_id 2003 and flags 4
21:52:22: lifetime of 3600 seconds
21:52:22: lifetime of 4608000 kilobytes
21:52:22: ISAKMP (0:1): sending packet to 202.53.253.3 (I) QM_IDLE
21:52:22: ISAKMP (0:1): deleting node -1716511074 error FALSE reason “”
21:52:22: IPSEC(key_engine): got a queue event…
21:52:22: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.6, src= 202.53.253.3,
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xDC8979B2(3699997106), conn_id= 2000, keysize= 0, flags= 0x4
21:52:22: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.6, dest= 202.53.253.3,
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xD33B0047(3543859271), conn_id= 2001, keysize= 0, flags= 0x4
21:52:22: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.6, src= 202.53.253.3,
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x294B91C6(692818374), conn_id= 2002, keysize= 0, flags= 0x4
21:52:22: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.6, dest= 202.53.253.3,
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x11B242A2(296895138), conn_id= 2003, keysize= 0, flags= 0x4
21:52:22: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.6, sa_prot= 51,
sa_spi= 0xDC8979B2(3699997106),
sa_trans= ah-md5-hmac , sa_conn_id= 2000
21:52:22: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 51,
sa_spi= 0xD33B0047(3543859271),
sa_trans= ah-md5-hmac , sa_conn_id= 2001
21:52:22: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.6, sa_prot= 50,
sa_spi= 0x294B91C6(692818374),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2002
21:52:22: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 50,
sa_spi= 0x11B242A2(296895138),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2003
21:53:12: ISAKMP (0:1): purging node -1716511074

VR-2#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 743 messages logged
Logging Exception size (8192 bytes)
Trap logging: level informational, 128 message lines logged

Log Buffer (8192 bytes):
OWN: Line protocol on Interface FastEthernet2/0, changed state to up
23:42:51: ISAKMP (0:1): received packet from 202.53.253.6 (R) QM_IDLE
23:42:51: ISAKMP (0:1): processing HASH payload. message ID = -1164765338
23:42:51: ISAKMP (0:1): processing SA payload. message ID = -1164765338
23:42:51: ISAKMP (0:1): Checking IPSec proposal 1
23:42:51: ISAKMP: transform 1, AH_MD5
23:42:51: ISAKMP: attributes in transform:
23:42:51: ISAKMP: encaps is 1
23:42:51: ISAKMP: SA life type in seconds
23:42:51: ISAKMP: SA life duration (basic) of 3600
23:42:51: ISAKMP: SA life type in kilobytes
23:42:51: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
23:42:51: ISAKMP: authenticator is HMAC-MD5
23:42:51: ISAKMP (0:1): atts are acceptable.
23:42:51: ISAKMP (0:1): Checking IPSec proposal 1
23:42:51: ISAKMP: transform 1, ESP_DES
23:42:51: ISAKMP: attributes in transform:
23:42:51: ISAKMP: encaps is 1
23:42:51: ISAKMP: SA life type in seconds
23:42:51: ISAKMP: SA life duration (basic) of 3600
23:42:51: ISAKMP: SA life type in kilobytes
23:42:51: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
23:42:51: ISAKMP: authenticator is HMAC-MD5
23:42:51: ISAKMP (0:1): atts are acceptable.
23:42:51: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.6,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
23:42:51: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.6,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
23:42:51: ISAKMP (0:1): processing NONCE payload. message ID = -1164765338
23:42:51: ISAKMP (0:1): processing ID payload. message ID = -1164765338
23:42:51: ISAKMP (1): ID_IPV4_ADDR_SUBNET src 192.168.1.0/255.255.255.0 prot 0 port 0
23:42:51: ISAKMP (0:1): processing ID payload. message ID = -1164765338
23:42:51: ISAKMP (1): ID_IPV4_ADDR_SUBNET dst 172.16.10.0/255.255.255.0 prot 0 port 0
23:42:51: ISAKMP (0:1): asking for 2 spis from ipsec
23:42:51: IPSEC(key_engine): got a queue event…
23:42:51: IPSEC(spi_response): getting spi 4039033531 for SA
from 202.53.253.6 to 202.53.253.3 for prot 2
23:42:51: IPSEC(spi_response): getting spi 3000880515 for SA
from 202.53.253.6 to 202.53.253.3 for prot 3
23:42:51: ISAKMP: received ke message (2/2)
23:42:51: ISAKMP (0:1): sending packet to 202.53.253.6 (R) QM_IDLE
23:42:51: ISAKMP (0:1): received packet from 202.53.253.6 (R) QM_IDLE
23:42:51: ISAKMP (0:1): Creating IPSec SAs
23:42:51: inbound SA from 202.53.253.6 to 202.53.253.3
(proxy 192.168.1.0 to 172.16.10.0)
23:42:51: has spi 0xF0BEC2BB and conn_id 2004 and flags 4
23:42:51: lifetime of 3600 seconds
23:42:51: lifetime of 4608000 kilobytes
23:42:51: outbound SA from 202.53.253.3 to 202.53.253.6 (proxy 172.16.10.0 to 192.168.1.0 )
23:42:51: has spi 934177588 and conn_id 2005 and flags 4
23:42:51: lifetime of 3600 seconds
23:42:51: lifetime of 4608000 kilobytes
23:42:51: ISAKMP (0:1): Creating IPSec SAs
23:42:51: inbound SA from 202.53.253.6 to 202.53.253.3
(proxy 192.168.1.0 to 172.16.10.0)
23:42:51: has spi 0xB2DDCD83 and conn_id 2006 and flags 4
23:42:51: lifetime of 3600 seconds
23:42:51: lifetime of 4608000 kilobytes
23:42:51: outbound SA from 202.53.253.3 to 202.53.253.6 (proxy 172.16.10.0 to 192.168.1.0 )
23:42:51: has spi 1069915923 and conn_id 2007 and flags 4
23:42:51: lifetime of 3600 seconds
23:42:51: lifetime of 4608000 kilobytes
23:42:51: ISAKMP (0:1): deleting node -1164765338 error FALSE reason “quick mode done (await()”
23:42:51: IPSEC(key_engine): got a queue event…
23:42:51: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.6,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xF0BEC2BB(4039033531), conn_id= 2004, keysize= 0, flags= 0x4
23:42:51: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.3, dest= 202.53.253.6,
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x37AE6B34(934177588), conn_id= 2005, keysize= 0, flags= 0x4
23:42:51: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.6,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xB2DDCD83(3000880515), conn_id= 2006, keysize= 0, flags= 0x4
23:42:51: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.3, dest= 202.53.253.6,
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x3FC59F13(1069915923), conn_id= 2007, keysize= 0, flags= 0x4
23:42:51: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 51,
sa_spi= 0xF0BEC2BB(4039033531),
sa_trans= ah-md5-hmac , sa_conn_id= 2004
23:42:51: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.6, sa_prot= 51,
sa_spi= 0x37AE6B34(934177588),
sa_trans= ah-md5-hmac , sa_conn_id= 2005
23:42:51: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 50,
sa_spi= 0xB2DDCD83(3000880515),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2006
23:42:51: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.6, sa_prot= 50,
sa_spi= 0x3FC59F13(1069915923),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2007
23:43:27: ISAKMP (0:1): received packet from 202.53.253.6 (R) QM_IDLE
23:43:27: ISAKMP (0:1): processing HASH payload. message ID = -2031888658
23:43:27: ISAKMP (0:1): processing DELETE payload. message ID = -2031888658
23:43:27: ISAKMP (0:1): deleting node -2031888658 error FALSE reason “delete IPSEC informational (in)”
23:43:27: IPSEC(key_engine): got a queue event…
23:43:27: IPSEC(key_engine_delete_sas): rec’d delete notify from ISAKMP
23:43:27: IPSEC(key_engine_delete_sas): delete SA with spi 3699997106/51 for 202.53.253.6
23:43:27: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 202.53.253.3, sa_prot= 51,
sa_spi= 0xD33B0047(3543859271),
sa_trans= ah-md5-hmac , sa_conn_id= 2000
23:43:27: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 202.53.253.6, sa_prot= 51,
sa_spi= 0xDC8979B2(3699997106),
sa_trans= ah-md5-hmac , sa_conn_id= 2001
23:43:27: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 202.53.253.3, sa_prot= 50,
sa_spi= 0x11B242A2(296895138),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2002
23:43:27: IPSEC(delete_sa): deleting SA,
(sa) sa_dest= 202.53.253.6, sa_prot= 50,
sa_spi= 0x294B91C6(692818374),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2003
23:43:32: IPSEC(encapsulate): error in encapsulation fs_encap_decap_fail
23:43:41: ISAKMP (0:1): purging node -1164765338
23:44:00: ISAKMP (0:1): deleting SA reason “IKE SA Lifetime Exceeded” state (R) QM_IDLE (peer 202.53.253.6) input queue 0
23:44:00: ISAKMP (0:1): sending packet to 202.53.253.6 (R) MM_NO_STATE
23:44:00: ISAKMP (0:1): purging node 264212036
23:44:17: ISAKMP (0:1): purging node -2031888658
23:45:00: ISAKMP (0:1): purging SA., sa=634A57F4, delme=634A57F4
23:51:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to down
23:53:40: %SYS-5-CONFIG_I: Configured from console by vpn on vty0 (202.53.253.6)
VR-2#

Wassalam

a. rahman isnaini rangkayo sutan

Make a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Liked it here?
Why not try sites on the blogroll...

%d bloggers like this: