Debug Log Dynamic VPN IPSec [Cont’d]

Posted on November 7, 2007. Filed under: VPN

VR-1#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 169 messages logged
Logging Exception size (8192 bytes)
Trap logging: level informational, 34 message lines logged

Log Buffer (8192 bytes):
38:20: ISAKMP: received ke message (1/2)
01:38:20: ISAKMP: local port 500, remote port 500
01:38:20: ISAKMP (0:1): beginning Main Mode exchange
01:38:20: ISAKMP (0:1): sending packet to 202.53.253.3 (I) MM_NO_STATE
01:38:20: ISAKMP (0:1): received packet from 202.53.253.3 (I) MM_NO_STATE
01:38:20: ISAKMP (0:1): processing SA payload. message ID = 0
01:38:20: ISAKMP (0:1): found peer pre-shared key matching 202.53.253.3
01:38:20: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 1 policy
01:38:20: ISAKMP: encryption DES-CBC
01:38:20: ISAKMP: hash SHA
01:38:20: ISAKMP: default group 1
01:38:20: ISAKMP: auth pre-share
01:38:20: ISAKMP: life type in seconds
01:38:20: ISAKMP: life duration (basic) of 3600
01:38:20: ISAKMP (0:1): atts are acceptable. Next payload is 0
01:38:20: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
01:38:20: ISAKMP (0:1): sending packet to 202.53.253.3 (I) MM_SA_SETUP
01:38:20: ISAKMP (0:1): received packet from 202.53.253.3 (I) MM_SA_SETUP
01:38:20: ISAKMP (0:1): processing KE payload. message ID = 0
01:38:20: ISAKMP (0:1): processing NONCE payload. message ID = 0
01:38:20: ISAKMP (0:1): found peer pre-shared key matching 202.53.253.3
01:38:20: ISAKMP (0:1): SKEYID state generated
01:38:20: ISAKMP (0:1): processing vendor id payload
01:38:20: ISAKMP (0:1): speaking to another IOS box!
01:38:20: ISAKMP (1): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8


01:38:20: ISAKMP (1): Total payload length: 12
01:38:20: ISAKMP (0:1): sending packet to 202.53.253.3 (I) MM_KEY_EXCH
01:38:20: ISAKMP (0:1): received packet from 202.53.253.3 (I) MM_KEY_EXCH
01:38:20: ISAKMP (0:1): processing ID payload. message ID = 0
01:38:20: ISAKMP (0:1): processing HASH payload. message ID = 0
01:38:20: ISAKMP (0:1): SA has been authenticated with 202.53.253.3
01:38:20: ISAKMP (0:1): beginning Quick Mode exchange, M-ID of 166460272
01:38:20: ISAKMP (0:1): sending packet to 202.53.253.3 (I) QM_IDLE
01:38:21: ISAKMP (0:1): received packet from 202.53.253.3 (I) QM_IDLE
01:38:21: ISAKMP (0:1): processing HASH payload. message ID = 166460272
01:38:21: ISAKMP (0:1): processing SA payload. message ID = 166460272
01:38:21: ISAKMP (0:1): Checking IPSec proposal 1
01:38:21: ISAKMP: transform 1, AH_MD5
01:38:21: ISAKMP: attributes in transform:
01:38:21: ISAKMP: encaps is 1
01:38:21: ISAKMP: SA life type in seconds
01:38:21: ISAKMP: SA life duration (basic) of 3600
01:38:21: ISAKMP: SA life type in kilobytes
01:38:21: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
01:38:21: ISAKMP: authenticator is HMAC-MD5
01:38:21: ISAKMP (0:1): atts are acceptable.
01:38:21: ISAKMP (0:1): Checking IPSec proposal 1
01:38:21: ISAKMP: transform 1, ESP_DES
01:38:21: ISAKMP: attributes in transform:
01:38:21: ISAKMP: encaps is 1
01:38:21: ISAKMP: SA life type in seconds
01:38:21: ISAKMP: SA life duration (basic) of 3600
01:38:21: ISAKMP: SA life type in kilobytes
01:38:21: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
01:38:21: ISAKMP: authenticator is HMAC-MD5
01:38:21: ISAKMP (0:1): atts are acceptable.
01:38:21: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.2,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
01:38:21: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.2,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
01:38:21: ISAKMP (0:1): processing NONCE payload. message ID = 166460272
01:38:21: ISAKMP (0:1): processing ID payload. message ID = 166460272
01:38:21: ISAKMP (0:1): processing ID payload. message ID = 166460272
01:38:21: ISAKMP (0:1): Creating IPSec SAs
01:38:21: inbound SA from 202.53.253.3 to 202.53.253.2
(proxy 172.16.10.0 to 192.168.1.0)
01:38:21: has spi 0x22AE9503 and conn_id 2000 and flags 4
01:38:21: lifetime of 3600 seconds
01:38:21: lifetime of 4608000 kilobytes
01:38:21: outbound SA from 202.53.253.2 to 202.53.253.3 (proxy 192.168.1.0 to 172.16.10.0 )
01:38:21: has spi -553548609 and conn_id 2001 and flags 4
01:38:21: lifetime of 3600 seconds
01:38:21: lifetime of 4608000 kilobytes
01:38:21: ISAKMP (0:1): Creating IPSec SAs
01:38:21: inbound SA from 202.53.253.3 to 202.53.253.2
(proxy 172.16.10.0 to 192.168.1.0)
01:38:21: has spi 0xAF901F58 and conn_id 2002 and flags 4
01:38:21: lifetime of 3600 seconds
01:38:21: lifetime of 4608000 kilobytes
01:38:21: outbound SA from 202.53.253.2 to 202.53.253.3 (proxy 192.168.1.0 to 172.16.10.0 )
01:38:21: has spi 457928684 and conn_id 2003 and flags 4
01:38:21: lifetime of 3600 seconds
01:38:21: lifetime of 4608000 kilobytes
01:38:21: ISAKMP (0:1): sending packet to 202.53.253.3 (I) QM_IDLE
01:38:21: ISAKMP (0:1): deleting node 166460272 error FALSE reason ""
01:38:21: IPSEC(key_engine): got a queue event...
01:38:21: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.2, src= 202.53.253.3,
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x22AE9503(581866755), conn_id= 2000, keysize= 0, flags= 0x4
01:38:21: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.2, dest= 202.53.253.3,
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xDF0184BF(3741418687), conn_id= 2001, keysize= 0, flags= 0x4
01:38:21: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.2, src= 202.53.253.3,
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xAF901F58(2945458008), conn_id= 2002, keysize= 0, flags= 0x4
01:38:21: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.2, dest= 202.53.253.3,
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x1B4B6FEC(457928684), conn_id= 2003, keysize= 0, flags= 0x4
01:38:21: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.2, sa_prot= 51,
sa_spi= 0x22AE9503(581866755),
sa_trans= ah-md5-hmac , sa_conn_id= 2000
01:38:21: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 51,
sa_spi= 0xDF0184BF(3741418687),
sa_trans= ah-md5-hmac , sa_conn_id= 2001
01:38:21: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.2, sa_prot= 50,
sa_spi= 0xAF901F58(2945458008),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2002
01:38:21: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 50,
sa_spi= 0x1B4B6FEC(457928684),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2003
01:39:11: ISAKMP (0:1): purging node 166460272
01:39:13: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
01:40:13: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
01:41:13: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
01:42:13: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
VR-1#
VR-1#sh de
VR-1#sh deb
VR-1#sh debugging

Cryptographic Subsystem:
Crypto ISAKMP debugging is on
Crypto IPSEC debugging is on
VR-1#

+++++++++++++++++++++++++++++++++++++++++++

VR-2#sh logging
Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns)
Console logging: disabled
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 1069 messages logged
Logging Exception size (8192 bytes)
Trap logging: level informational, 147 message lines logged

Log Buffer (8192 bytes):
.53.253.2
1d22h: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 1 policy
1d22h: ISAKMP: encryption DES-CBC
1d22h: ISAKMP: hash SHA
1d22h: ISAKMP: default group 1
1d22h: ISAKMP: auth pre-share
1d22h: ISAKMP: life type in seconds
1d22h: ISAKMP: life duration (basic) of 3600
1d22h: ISAKMP (0:1): atts are acceptable. Next payload is 0
1d22h: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
1d22h: ISAKMP (0:1): sending packet to 202.53.253.2 (R) MM_SA_SETUP
1d22h: ISAKMP (0:1): received packet from 202.53.253.2 (R) MM_SA_SETUP
1d22h: ISAKMP (0:1): processing KE payload. message ID = 0
1d22h: ISAKMP (0:1): processing NONCE payload. message ID = 0
1d22h: ISAKMP (0:1): found peer pre-shared key matching 202.53.253.2
1d22h: ISAKMP (0:1): SKEYID state generated
1d22h: ISAKMP (0:1): processing vendor id payload
1d22h: ISAKMP (0:1): speaking to another IOS box!
1d22h: ISAKMP (0:1): sending packet to 202.53.253.2 (R) MM_KEY_EXCH
1d22h: ISAKMP (0:1): received packet from 202.53.253.2 (R) MM_KEY_EXCH
1d22h: ISAKMP (0:1): processing ID payload. message ID = 0
1d22h: ISAKMP (0:1): processing HASH payload. message ID = 0
1d22h: ISAKMP (0:1): SA has been authenticated with 202.53.253.2
1d22h: ISAKMP (1): ID payload
next-payload : 8
type : 1
protocol : 17
port : 500
length : 8
1d22h: ISAKMP (1): Total payload length: 12
1d22h: ISAKMP (0:1): sending packet to 202.53.253.2 (R) QM_IDLE
1d22h: ISAKMP (0:1): received packet from 202.53.253.2 (R) QM_IDLE
1d22h: ISAKMP (0:1): processing HASH payload. message ID = 166460272
1d22h: ISAKMP (0:1): processing SA payload. message ID = 166460272
1d22h: ISAKMP (0:1): Checking IPSec proposal 1
1d22h: ISAKMP: transform 1, AH_MD5
1d22h: ISAKMP: attributes in transform:
1d22h: ISAKMP: encaps is 1
1d22h: ISAKMP: SA life type in seconds
1d22h: ISAKMP: SA life duration (basic) of 3600
1d22h: ISAKMP: SA life type in kilobytes
1d22h: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
1d22h: ISAKMP: authenticator is HMAC-MD5
1d22h: ISAKMP (0:1): atts are acceptable.
1d22h: ISAKMP (0:1): Checking IPSec proposal 1
1d22h: ISAKMP: transform 1, ESP_DES
1d22h: ISAKMP: attributes in transform:
1d22h: ISAKMP: encaps is 1
1d22h: ISAKMP: SA life type in seconds
1d22h: ISAKMP: SA life duration (basic) of 3600
1d22h: ISAKMP: SA life type in kilobytes
1d22h: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
1d22h: ISAKMP: authenticator is HMAC-MD5
1d22h: ISAKMP (0:1): atts are acceptable.
1d22h: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.2,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d22h: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.2,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4
1d22h: ISAKMP (0:1): processing NONCE payload. message ID = 166460272
1d22h: ISAKMP (0:1): processing ID payload. message ID = 166460272
1d22h: ISAKMP (1): ID_IPV4_ADDR_SUBNET src 192.168.1.0/255.255.255.0 prot 0 port 0
1d22h: ISAKMP (0:1): processing ID payload. message ID = 166460272
1d22h: ISAKMP (1): ID_IPV4_ADDR_SUBNET dst 172.16.10.0/255.255.255.0 prot 0 port 0
1d22h: ISAKMP (0:1): asking for 2 spis from ipsec
1d22h: IPSEC(key_engine): got a queue event...
1d22h: IPSEC(spi_response): getting spi 3741418687 for SA
from 202.53.253.2 to 202.53.253.3 for prot 2
1d22h: IPSEC(spi_response): getting spi 457928684 for SA
from 202.53.253.2 to 202.53.253.3 for prot 3
1d22h: ISAKMP: received ke message (2/2)
1d22h: ISAKMP (0:1): sending packet to 202.53.253.2 (R) QM_IDLE
1d22h: ISAKMP (0:1): received packet from 202.53.253.2 (R) QM_IDLE
1d22h: ISAKMP (0:1): Creating IPSec SAs
1d22h: inbound SA from 202.53.253.2 to 202.53.253.3
(proxy 192.168.1.0 to 172.16.10.0)
1d22h: has spi 0xDF0184BF and conn_id 2000 and flags 4
1d22h: lifetime of 3600 seconds
1d22h: lifetime of 4608000 kilobytes
1d22h: outbound SA from 202.53.253.3 to 202.53.253.2 (proxy 172.16.10.0 to 192.168.1.0 )
1d22h: has spi 581866755 and conn_id 2001 and flags 4
1d22h: lifetime of 3600 seconds
1d22h: lifetime of 4608000 kilobytes
1d22h: ISAKMP (0:1): Creating IPSec SAs
1d22h: inbound SA from 202.53.253.2 to 202.53.253.3
(proxy 192.168.1.0 to 172.16.10.0)
1d22h: has spi 0x1B4B6FEC and conn_id 2002 and flags 4
1d22h: lifetime of 3600 seconds
1d22h: lifetime of 4608000 kilobytes
1d22h: outbound SA from 202.53.253.3 to 202.53.253.2 (proxy 172.16.10.0 to 192.168.1.0 )
1d22h: has spi -1349509288 and conn_id 2003 and flags 4
1d22h: lifetime of 3600 seconds
1d22h: lifetime of 4608000 kilobytes
1d22h: ISAKMP (0:1): deleting node 166460272 error FALSE reason "quick mode done (await()"
1d22h: IPSEC(key_engine): got a queue event...
1d22h: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.2,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xDF0184BF(3741418687), conn_id= 2000, keysize= 0, flags= 0x4
1d22h: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.3, dest= 202.53.253.2,
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= AH, transform= ah-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x22AE9503(581866755), conn_id= 2001, keysize= 0, flags= 0x4
1d22h: IPSEC(initialize_sas): ,
(key eng. msg.) dest= 202.53.253.3, src= 202.53.253.2,
dest_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
src_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0x1B4B6FEC(457928684), conn_id= 2002, keysize= 0, flags= 0x4
1d22h: IPSEC(initialize_sas): ,
(key eng. msg.) src= 202.53.253.3, dest= 202.53.253.2,
src_proxy= 172.16.10.0/255.255.255.0/0/0 (type=4),
dest_proxy= 192.168.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 3600s and 4608000kb,
spi= 0xAF901F58(2945458008), conn_id= 2003, keysize= 0, flags= 0x4
1d22h: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 51,
sa_spi= 0xDF0184BF(3741418687),
sa_trans= ah-md5-hmac , sa_conn_id= 2000
1d22h: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.2, sa_prot= 51,
sa_spi= 0x22AE9503(581866755),
sa_trans= ah-md5-hmac , sa_conn_id= 2001
1d22h: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.3, sa_prot= 50,
sa_spi= 0x1B4B6FEC(457928684),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2002
1d22h: IPSEC(create_sa): sa created,
(sa) sa_dest= 202.53.253.2, sa_prot= 50,
sa_spi= 0xAF901F58(2945458008),
sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2003
1d22h: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
1d22h: ISAKMP (0:1): purging node 166460272
1d22h: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
1d22h: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
1d22h: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84
1d23h: IPSEC(encapsulate): encaps area too small, moving to new buffer:
idbtype 0, encaps_size 84, header size 60, avail 84

Wassalam

a. rahman isnaini r. sutan
