murpy
Posts: 43
Joined: 4.Mar.2006
Status: offline
Hello again all,

A previous post has a bit of history of my problem: http://forums.isaserver.org/m_2002001812/mpage_1/tm.htm

Included below are all the details of my situation. Now my questions:

1) My link works perfectly for 5 minutes (hmmm), and then suddenly fails from the server's point of view after exactly 5 minutes (the client keeps working just fine). Is this somehow related to the SAIdleTime issue?

2) Why am I getting "ERR IPSec[05066] : No currently assigned Policy"?

I am working on getting a Windows Small Business Server 2003 SP1 integrated media communicating with a SonicWall TZ150 using IPSEC Site to Site protocol through a WRT54G edge router. Traffic is flowing from client to server, but traffic is not flowing from server to client on a permanent basis. Traffic flowing from server to client stops flowing after about 5 minutes from when the server starts (not from when the tunnel starts; that is an important distinction). Using netsh on the server I have determined that there is no policy configured. See below for details. My question is how I can debug the policy processing further.

Here is a quick summary of my setup:

WinXPSP2 <--------> LANA <--------> SonicWall <--------> INTERNET
10.0.1.17           10.0.1.1        216.232.119.93

                    WRT54G                            Windows Small Business Server 2003 SP1
INTERNET <--------> NAT-T Edge Router <--------> ISA Server 2004 <--------> LANB
                    70.71.193.175 / 192.168.104.1     192.168.104.2 / 10.0.0.2

The link as seen from the client WinXPSP2 will always stay connected with the occasional blip (tested with a continuous ping to the server). The link as seen from the server remains up for approx 5 minutes from the server login prompt.
Here is the timed sequence of events:

Put DMZ of server in SonicWall networks.

Apply 3 Win 2003 SP1/IPsec related hotfixes:

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
  Value name: SAIdleTime
  Data Type: REG_DWORD
  Value data: 300 - 3600 (default=300)

ISA patches:

  You cannot sustain a connection for longer than 3 to 10 minutes between a Windows Server 2003 Service Pack 1-based computer and a Linux-based computer
  http://support.microsoft.com/kb/907259/en-us

  Date         Time   Version        Size     File name
  --------------------------------------------------------
  01-Sep-2005  12:12  5.2.3790.2522  383,488  Oakley.dll
  01-Sep-2005  12:12  5.2.3790.2522  271,872  Woakley.dll
  01-Sep-2005  12:12  5.2.3790.2522   43,008  Arpidfix.exe

  A hotfix that updates the IPSec Policy Agent is available for Windows Server 2003 and Windows XP
  http://support.microsoft.com/kb/907865/en-us

  Date         Time   Version        Size     File name
  --------------------------------------------------------
  15-Sep-2005  04:42  5.2.3790.2530  184,832  IPsecsvc.dll

  VPN customers who use L2TP behind a NAT device cannot connect to a Windows Server 2003 SP1-based computer that is running Routing and Remote Access service
  http://support.microsoft.com/kb/2912213/en-us
  http://support.microsoft.com/kb/912213/en-us

  File name  File version   File size  Date         Time   Platform
  --------------------------------------------------------
  Ipsec.sys  5.2.3790.2619  82,432     17-Jan-2006  02:46  x86

Configure router for passthrough correctly.

Apply SAIdleTime registry hack to work around small issue with SAIdleTime (set to 3600).

Reset SonicWall log file (12:08:15)
Reset SonicWall using web interface (12:08:30)
Power on ISA server (12:09)
Start ping on Win XP client (12:10:30)
Creating Network (12:10:30)
Applying computer settings (12:11:46)
Login (12:13:30)
Start ping on server (12:14:00, 5 minutes since power on, 30 seconds since login)
Put IPsec in debug mode
Capture netsh diagnostics
Start VPN using web interface on SonicWall; link comes up (pings respond from both sides) (12:14:50, 6 minutes from power on, 1.5 minutes since login)
Ping fails from server side (server pinging SonicWall LAN) (12:18:40, almost 10 minutes from power on, 5 minutes from login)

I have the following log files:

  Serverpings   Continuous ping log showing when the client responds to the server's pings
  netshAllGood  A netsh of the IPsec relevant information when the link is up as seen from the server
  netshAllBad   A netsh of the IPsec relevant information when the link is down as seen from the server
  notes.txt     A log file of unexpected event log entries
  Oakley.log    An IPsec debug file from the server
  SonicWall.log

See these two events in the security event log.

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 541
Date: 8/13/2006
Time: 12:14:39 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: CWNTSRV1
Description:
IKE security association established.
Mode: Data Protection Mode (Quick Mode)
Peer Identity: Preshared key ID. Peer IP Address: 216.232.119.93
Filter:
  Source IP Address 192.168.104.2
  Source IP Address Mask 255.255.255.255
  Destination IP Address 10.0.1.0
  Destination IP Address Mask 255.255.255.0
  Protocol 0
  Source Port 0
  Destination Port 0
  IKE Local Addr 192.168.104.2
  IKE Peer Addr 216.232.119.93
  IKE Source Port 500
  IKE Destination Port 500
  Peer Private Addr
Parameters:
  ESP Algorithm Triple DES CBC
  HMAC Algorithm SHA
  AH Algorithm None
  Encapsulation Tunnel Mode
  InboundSpi 4286893423 (0xff84cd6f)
  OutBoundSpi 4074166120 (0xf2d6d768)
  Lifetime (sec) 28800
  Lifetime (kb) 100000
  QM delta time (sec) 0
  Total delta time (sec) 32
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

============================================================================================

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 547
Date: 8/13/2006
Time: 12:18:32 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: CWNTSRV1
Description:
IKE security association negotiation failed.
Mode: Data Protection Mode (Quick Mode)
Filter:
  Source IP Address 192.168.104.0
  Source IP Address Mask 255.255.255.0
  Destination IP Address 10.0.1.0
  Destination IP Address Mask 255.255.255.0
  Protocol 0
  Source Port 0
  Destination Port 0
  IKE Local Addr 192.168.104.2
  IKE Peer Addr 216.232.119.93
  IKE Source Port 500
  IKE Destination Port 500
  Peer Private Addr
Peer Identity: Preshared key ID. Peer IP Address: 216.232.119.93
Failure Point: Me
Failure Reason: No policy configured
Extra Status: Processed third (ID) payload Responder. Delta Time 0 0x0 0x0
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Weird huh? The success one is when the link was up. The failure one is when the link is down.

Also see this excerpt from oakley.log? No policy (after 5 minutes from completing the cold boot process).

8-13: 12:14:39:111:368 Sending: SA = 0x0331FE88 to 216.232.119.93:Type 2.500
8-13: 12:14:39:111:368 ISAKMP Header: (V1.0), len = 156
8-13: 12:14:39:111:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:111:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:111:368 exchange: Oakley Quick Mode
8-13: 12:14:39:111:368 flags: 1 ( encrypted )
8-13: 12:14:39:111:368 next payload: HASH
8-13: 12:14:39:111:368 message ID: 9e32080a
8-13: 12:14:39:111:368 Ports S:f401 D:f401
8-13: 12:14:39:142:368
8-13: 12:14:39:142:368 Receive: (get) SA = 0x0331fe88 from 216.232.119.93.500
8-13: 12:14:39:142:368 ISAKMP Header: (V1.0), len = 156
8-13: 12:14:39:142:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:142:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:142:368 exchange: Oakley Quick Mode
8-13: 12:14:39:142:368 flags: 1 ( encrypted )
8-13: 12:14:39:142:368 next payload: HASH
8-13: 12:14:39:142:368 message ID: 9e32080a
8-13: 12:14:39:142:368 processing HASH (QM)
8-13: 12:14:39:142:368 ClearFragList
8-13: 12:14:39:142:368 processing payload NONCE
8-13: 12:14:39:142:368 processing payload ID
8-13: 12:14:39:142:368 processing payload ID
8-13: 12:14:39:142:368 processing payload SA
8-13: 12:14:39:142:368 Negotiated Proxy ID: Src 192.168.104.2.0 Dst 10.0.1.0.0
8-13: 12:14:39:142:368 Dst id for subnet. Mask 255.255.255.0
8-13: 12:14:39:142:368 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
8-13: 12:14:39:142:368 Checking Transform # 1: ID=Triple DES CBC(3)
8-13: 12:14:39:142:368 SA life type in seconds
8-13: 12:14:39:142:368 SA life duration 28800
8-13: 12:14:39:142:368 tunnel mode is Tunnel Mode(1)
8-13: 12:14:39:142:368 HMAC algorithm is SHA(2)
8-13: 12:14:39:142:368 Phase 2 SA accepted: proposal=1 transform=1
8-13: 12:14:39:142:368 constructing ISAKMP Header
8-13: 12:14:39:142:368 constructing HASH (QM)
8-13: 12:14:39:142:368 Adding QMs: src = 192.168.104.2.0000, dst = 10.0.1.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.104.2, peer tunnel = 216.232.119.93, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 101 Direction 2 EncapType 1
8-13: 12:14:39:142:368 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
8-13: 12:14:39:142:368 Algo[0] MySpi: 4286893423 PeerSpi: 4074166120
8-13: 12:14:39:142:368 Encap Ports Src 500 Dst 500
8-13: 12:14:39:142:368 Skipping Outbound SA add
8-13: 12:14:39:142:368 Adding QMs: src = 192.168.104.2.0000, dst = 10.0.1.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.104.2, peer tunnel = 216.232.119.93, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 101 Direction 3 EncapType 1
8-13: 12:14:39:142:368 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
8-13: 12:14:39:142:368 Algo[0] MySpi: 4286893423 PeerSpi: 4074166120
8-13: 12:14:39:142:368 Encap Ports Src 500 Dst 500
8-13: 12:14:39:142:368 Skipping Inbound SA add
8-13: 12:14:39:142:368 isadb_set_status sa:0331FE88 centry:000EB720 status 0
8-13: 12:14:39:142:368
8-13: 12:14:39:142:368 Sending: SA = 0x0331FE88 to 216.232.119.93:Type 4.500
8-13: 12:14:39:142:368 ISAKMP Header: (V1.0), len = 52
8-13: 12:14:39:142:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:142:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:142:368 exchange: Oakley Quick Mode
8-13: 12:14:39:142:368 flags: 1 ( encrypted )
8-13: 12:14:39:142:368 next payload: HASH
8-13: 12:14:39:142:368 message ID: 9e32080a
8-13: 12:14:39:142:368 Ports S:f401 D:f401
8-13: 12:15:28:306:368 CE Dead. sa:033201F0 ce:000EB5E8 status:35f0
8-13: 12:15:39:42:368 CE Dead. sa:0331FE88 ce:000EB720 status:35ef
8-13: 12:18:32:186:147c
8-13: 12:18:32:186:147c Receive: (get) SA = 0x0331fe88 from 216.232.119.93.500
8-13: 12:18:32:186:147c ISAKMP Header: (V1.0), len = 164
8-13: 12:18:32:186:147c I-COOKIE 1a9bb318171957ec
8-13: 12:18:32:186:147c R-COOKIE d4930f7e4035f5d4
8-13: 12:18:32:186:147c exchange: Oakley Quick Mode
8-13: 12:18:32:186:147c flags: 1 ( encrypted )
8-13: 12:18:32:186:147c next payload: HASH
8-13: 12:18:32:186:147c message ID: dd9bf7c5
8-13: 12:18:32:186:147c processing HASH (QM)
8-13: 12:18:32:186:147c ClearFragList
8-13: 12:18:32:186:147c processing payload NONCE
8-13: 12:18:32:186:147c processing payload ID
8-13: 12:18:32:186:147c processing payload ID
8-13: 12:18:32:186:147c processing payload SA
8-13: 12:18:32:186:147c Negotiated Proxy ID: Src 10.0.1.0.0 Dst 192.168.104.0.0
8-13: 12:18:32:186:147c Src id for subnet. Mask 255.255.255.0
8-13: 12:18:32:186:147c Dst id for subnet. Mask 255.255.255.0
8-13: 12:18:32:186:147c Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
8-13: 12:18:32:186:147c Checking Transform # 1: ID=Triple DES CBC(3)
8-13: 12:18:32:186:147c SA life type in seconds
8-13: 12:18:32:186:147c SA life duration 28800
8-13: 12:18:32:186:147c tunnel mode is Tunnel Mode(1)
8-13: 12:18:32:186:147c HMAC algorithm is SHA(2)
8-13: 12:18:32:186:147c Finding Responder Policy for SRC=10.0.1.0.0000 DST=192.168.104.0.0000, SRCMask=255.255.255.0, DSTMask=255.255.255.0, Prot=0 InTunnelEndpt 268a8c0 OutTunnelEndpt 5d77e8d8
8-13: 12:18:32:186:147c Failed to get TunnelPolicy 13015
8-13: 12:18:32:186:147c Responder failed to match filter(Phase II) 13015
8-13: 12:18:32:216:147c Data Protection Mode (Quick Mode)
8-13: 12:18:32:216:147c Source IP Address 192.168.104.0 Source IP Address Mask 255.255.255.0 Destination IP Address 10.0.1.0 Destination IP Address Mask 255.255.255.0 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 192.168.104.2 IKE Peer Addr 216.232.119.93 IKE Source Port 500 IKE Destination Port 500 Peer Private Addr
8-13: 12:18:32:216:147c Preshared key ID. Peer IP Address: 216.232.119.93
8-13: 12:18:32:216:147c Me
8-13: 12:18:32:216:147c No policy configured
8-13: 12:18:32:216:147c Processed third (ID) payload Responder. Delta Time 0 0x0 0x0
8-13: 12:18:32:216:147c isadb_set_status sa:0331FE88 centry:000EB720 status 3601
8-13: 12:18:32:216:147c ProcessFailure: sa:0331FE88 centry:000EB720 status:3601
8-13: 12:18:32:216:147c constructing ISAKMP Header
8-13: 12:18:32:216:147c constructing HASH (null)
8-13: 12:18:32:216:147c constructing NOTIFY 18
8-13: 12:18:32:216:147c constructing HASH (Notify/Delete)
8-13: 12:18:32:216:147c

The server is complaining even when the link is up that it does not have a policy:

ERR IPSec[05066] : No currently assigned Policy

The SonicWall logfile is indicating that it is communicating with an illegal host (presumably because the policy on the server is not defined):

08/13/2006 12:18:31.800 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0x1a9bb318171957ec, MsgID: 0x63232529) *(HASH, NOTIFY:INVALID_ID_INFO) - 70.71.193.175, 500 - 216.232.119.93, 500 -
08/13/2006 12:18:31.800 - Received notify: INVALID_ID_INFO - 216.232.119.93 - 70.71.193.175 -
08/13/2006 12:18:34.272 - IPSec packet from or to an illegal host - 192.168.104.2 - 10.0.1.17 - SPI:0xF2D6D768

The Oakley logfile indicates (along with the event log) there is no policy configured:

8-13: 12:14:38:798:368
8-13: 12:14:38:798:368 Receive: (get) SA = 0x0331fe88 from 216.232.119.93.500
8-13: 12:14:38:798:368 ISAKMP Header: (V1.0), len = 80
8-13: 12:14:38:798:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:38:798:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:38:798:368 exchange: Oakley Main Mode
8-13: 12:14:38:798:368 flags: 0
8-13: 12:14:38:798:368 next payload: SA
8-13: 12:14:38:798:368 message ID: 00000000
8-13: 12:14:38:798:368 processing payload SA
8-13: 12:14:38:798:368 Received Phase 1 Transform 1
8-13: 12:14:38:798:368 Encryption Alg Triple DES CBC(5)
8-13: 12:14:38:798:368 Hash Alg SHA(2)
8-13: 12:14:38:798:368 Oakley Group 2
8-13: 12:14:38:798:368 Auth Method Preshared Key(1)
8-13: 12:14:38:798:368 Life type in Seconds
8-13: 12:14:38:798:368 Life duration of 28800
8-13: 12:14:38:798:368 Phase 1 SA accepted: transform=1
8-13: 12:14:38:798:368 SA - Oakley proposal accepted
8-13: 12:14:38:798:368 ClearFragList
8-13: 12:14:38:798:368 constructing ISAKMP Header
8-13: 12:14:38:830:368 constructing KE
8-13: 12:14:38:830:368 constructing NONCE (ISAKMP)
8-13: 12:14:38:830:368
8-13: 12:14:38:830:368 Sending: SA = 0x0331FE88 to 216.232.119.93:Type 2.500
8-13: 12:14:38:830:368 ISAKMP Header: (V1.0), len = 184
8-13: 12:14:38:830:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:38:830:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:38:830:368 exchange: Oakley Main Mode
8-13: 12:14:38:830:368 flags: 0
8-13: 12:14:38:830:368 next payload: KE
8-13: 12:14:38:830:368 message ID: 00000000
8-13: 12:14:38:830:368 Ports S:f401 D:f401
8-13: 12:14:39:64:368
8-13: 12:14:39:64:368 Receive: (get) SA = 0x0331fe88 from 216.232.119.93.500
8-13: 12:14:39:64:368 ISAKMP Header: (V1.0), len = 220
8-13: 12:14:39:64:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:64:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:64:368 exchange: Oakley Main Mode
8-13: 12:14:39:64:368 flags: 0
8-13: 12:14:39:64:368 next payload: KE
8-13: 12:14:39:64:368 message ID: 00000000
8-13: 12:14:39:64:368 processing payload KE
8-13: 12:14:39:80:368 processing payload NONCE
8-13: 12:14:39:80:368 processing payload VENDOR ID
8-13: 12:14:39:80:368 processing payload VENDOR ID
8-13: 12:14:39:80:368 processing payload VENDOR ID
8-13: 12:14:39:80:368 ClearFragList
8-13: 12:14:39:80:368 constructing ISAKMP Header
8-13: 12:14:39:80:368 constructing ID
8-13: 12:14:39:80:368 MM ID Type 1
8-13: 12:14:39:80:368 MM ID c0a86802
8-13: 12:14:39:80:368 constructing HASH
8-13: 12:14:39:80:368
8-13: 12:14:39:80:368 Sending: SA = 0x0331FE88 to 216.232.119.93:Type 2.500
8-13: 12:14:39:80:368 ISAKMP Header: (V1.0), len = 68
8-13: 12:14:39:80:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:80:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:80:368 exchange: Oakley Main Mode
8-13: 12:14:39:80:368 flags: 1 ( encrypted )
8-13: 12:14:39:80:368 next payload: ID
8-13: 12:14:39:80:368 message ID: 00000000
8-13: 12:14:39:80:368 Ports S:f401 D:f401
8-13: 12:14:39:111:368
8-13: 12:14:39:111:368 Receive: (get) SA = 0x0331fe88 from 216.232.119.93.500
8-13: 12:14:39:111:368 ISAKMP Header: (V1.0), len = 68
8-13: 12:14:39:111:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:111:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:111:368 exchange: Oakley Main Mode
8-13: 12:14:39:111:368 flags: 1 ( encrypted )
8-13: 12:14:39:111:368 next payload: ID
8-13: 12:14:39:111:368 message ID: 00000000
8-13: 12:14:39:111:368 processing payload ID
8-13: 12:14:39:111:368 processing payload HASH
8-13: 12:14:39:111:368 AUTH: Phase I authentication accepted
8-13: 12:14:39:111:368 ClearFragList
8-13: 12:14:39:111:368 MM established. SA: 0331FE88
8-13: 12:14:39:111:368 QM PolicyName: ISA Server bent QM Policy dwFlags 0
8-13: 12:14:39:111:368 QMOffer[0] LifetimeKBytes 0 LifetimeSec 28800
8-13: 12:14:39:111:368 QMOffer[0] dwFlags 0 dwPFSGroup 0
8-13: 12:14:39:111:368 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
8-13: 12:14:39:111:368 GetSpi: src = 10.0.1.0.0000, dst = 192.168.104.2.0000, proto = 00, context = 00000006, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
8-13: 12:14:39:111:368 Setting SPI 4286893423
8-13: 12:14:39:111:368 constructing ISAKMP Header
8-13: 12:14:39:111:368 constructing HASH (null)
8-13: 12:14:39:111:368 constructing SA (IPSEC)
8-13: 12:14:39:111:368 constructing NONCE (IPSEC)
8-13: 12:14:39:111:368 constructing ID (proxy)
8-13: 12:14:39:111:368 constructing ID (proxy)
8-13: 12:14:39:111:368 constructing HASH (QM)
8-13: 12:14:39:111:368
8-13: 12:14:39:111:368 Sending: SA = 0x0331FE88 to 216.232.119.93:Type 2.500
8-13: 12:14:39:111:368 ISAKMP Header: (V1.0), len = 156
8-13: 12:14:39:111:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:111:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:111:368 exchange: Oakley Quick Mode
8-13: 12:14:39:111:368 flags: 1 ( encrypted )
8-13: 12:14:39:111:368 next payload: HASH
8-13: 12:14:39:111:368 message ID: 9e32080a
8-13: 12:14:39:111:368 Ports S:f401 D:f401
8-13: 12:14:39:142:368
8-13: 12:14:39:142:368 Receive: (get) SA = 0x0331fe88 from 216.232.119.93.500
8-13: 12:14:39:142:368 ISAKMP Header: (V1.0), len = 156
8-13: 12:14:39:142:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:142:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:142:368 exchange: Oakley Quick Mode
8-13: 12:14:39:142:368 flags: 1 ( encrypted )
8-13: 12:14:39:142:368 next payload: HASH
8-13: 12:14:39:142:368 message ID: 9e32080a
8-13: 12:14:39:142:368 processing HASH (QM)
8-13: 12:14:39:142:368 ClearFragList
8-13: 12:14:39:142:368 processing payload NONCE
8-13: 12:14:39:142:368 processing payload ID
8-13: 12:14:39:142:368 processing payload ID
8-13: 12:14:39:142:368 processing payload SA
8-13: 12:14:39:142:368 Negotiated Proxy ID: Src 192.168.104.2.0 Dst 10.0.1.0.0
8-13: 12:14:39:142:368 Dst id for subnet. Mask 255.255.255.0
8-13: 12:14:39:142:368 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
8-13: 12:14:39:142:368 Checking Transform # 1: ID=Triple DES CBC(3)
8-13: 12:14:39:142:368 SA life type in seconds
8-13: 12:14:39:142:368 SA life duration 28800
8-13: 12:14:39:142:368 tunnel mode is Tunnel Mode(1)
8-13: 12:14:39:142:368 HMAC algorithm is SHA(2)
8-13: 12:14:39:142:368 Phase 2 SA accepted: proposal=1 transform=1
8-13: 12:14:39:142:368 constructing ISAKMP Header
8-13: 12:14:39:142:368 constructing HASH (QM)
8-13: 12:14:39:142:368 Adding QMs: src = 192.168.104.2.0000, dst = 10.0.1.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.104.2, peer tunnel = 216.232.119.93, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 101 Direction 2 EncapType 1
8-13: 12:14:39:142:368 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
8-13: 12:14:39:142:368 Algo[0] MySpi: 4286893423 PeerSpi: 4074166120
8-13: 12:14:39:142:368 Encap Ports Src 500 Dst 500
8-13: 12:14:39:142:368 Skipping Outbound SA add
8-13: 12:14:39:142:368 Adding QMs: src = 192.168.104.2.0000, dst = 10.0.1.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.104.2, peer tunnel = 216.232.119.93, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 101 Direction 3 EncapType 1
8-13: 12:14:39:142:368 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
8-13: 12:14:39:142:368 Algo[0] MySpi: 4286893423 PeerSpi: 4074166120
8-13: 12:14:39:142:368 Encap Ports Src 500 Dst 500
8-13: 12:14:39:142:368 Skipping Inbound SA add
8-13: 12:14:39:142:368 isadb_set_status sa:0331FE88 centry:000EB720 status 0
8-13: 12:14:39:142:368
8-13: 12:14:39:142:368 Sending: SA = 0x0331FE88 to 216.232.119.93:Type 4.500
8-13: 12:14:39:142:368 ISAKMP Header: (V1.0), len = 52
8-13: 12:14:39:142:368 I-COOKIE 1a9bb318171957ec
8-13: 12:14:39:142:368 R-COOKIE d4930f7e4035f5d4
8-13: 12:14:39:142:368 exchange: Oakley Quick Mode
8-13: 12:14:39:142:368 flags: 1 ( encrypted )
8-13: 12:14:39:142:368 next payload: HASH
8-13: 12:14:39:142:368 message ID: 9e32080a
8-13: 12:14:39:142:368 Ports S:f401 D:f401
8-13: 12:15:28:306:368 CE Dead. sa:033201F0 ce:000EB5E8 status:35f0
8-13: 12:15:39:42:368 CE Dead. sa:0331FE88 ce:000EB720 status:35ef
8-13: 12:18:32:186:147c
8-13: 12:18:32:186:147c Receive: (get) SA = 0x0331fe88 from 216.232.119.93.500
8-13: 12:18:32:186:147c ISAKMP Header: (V1.0), len = 164
8-13: 12:18:32:186:147c I-COOKIE 1a9bb318171957ec
8-13: 12:18:32:186:147c R-COOKIE d4930f7e4035f5d4
8-13: 12:18:32:186:147c exchange: Oakley Quick Mode
8-13: 12:18:32:186:147c flags: 1 ( encrypted )
8-13: 12:18:32:186:147c next payload: HASH
8-13: 12:18:32:186:147c message ID: dd9bf7c5
8-13: 12:18:32:186:147c processing HASH (QM)
8-13: 12:18:32:186:147c ClearFragList
8-13: 12:18:32:186:147c processing payload NONCE
8-13: 12:18:32:186:147c processing payload ID
8-13: 12:18:32:186:147c processing payload ID
8-13: 12:18:32:186:147c processing payload SA
8-13: 12:18:32:186:147c Negotiated Proxy ID: Src 10.0.1.0.0 Dst 192.168.104.0.0
8-13: 12:18:32:186:147c Src id for subnet. Mask 255.255.255.0
8-13: 12:18:32:186:147c Dst id for subnet.
Mask 255.255.255.0
8-13: 12:18:32:186:147c Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
8-13: 12:18:32:186:147c Checking Transform # 1: ID=Triple DES CBC(3)
8-13: 12:18:32:186:147c SA life type in seconds
8-13: 12:18:32:186:147c SA life duration 28800
8-13: 12:18:32:186:147c tunnel mode is Tunnel Mode(1)
8-13: 12:18:32:186:147c HMAC algorithm is SHA(2)
8-13: 12:18:32:186:147c Finding Responder Policy for SRC=10.0.1.0.0000 DST=192.168.104.0.0000, SRCMask=255.255.255.0, DSTMask=255.255.255.0, Prot=0 InTunnelEndpt 268a8c0 OutTunnelEndpt 5d77e8d8
8-13: 12:18:32:186:147c Failed to get TunnelPolicy 13015
8-13: 12:18:32:186:147c Responder failed to match filter(Phase II) 13015
8-13: 12:18:32:216:147c Data Protection Mode (Quick Mode)

ERR IPSec[05066] : No currently assigned Policy

IKE MM Policy Name : ISA Server bent MM Policy
IKE Soft SA Lifetime : 28800 secs

Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM
---------- --------- ---- ------------------ ---------------
3DES       SHA1      2    0:28800            0

QM Negotiation Policy Name : ISA Server bent QM Policy

Security Methods          Lifetime (Kb:secs)    PFS DH Group
------------------------- --------------------- ------------
ESP[3DES,SHA1]            0:28800               <Unassigned>

Main Mode Filters: Generic
-------------------------------------------------------------------------------
Filter name : IPSec{D59138D4-F493-4633-9D81-6E8C00525F81}
Connection Type : ALL
Source Address : <My IP Address> (255.255.255.255)
Destination Address : 192.168.104.2 (255.255.255.255)
Authentication Methods : Preshared key
Security Methods : 1 3DES/SHA1/DH2/28800/QMlimit=0
-------------------------------------------------------------------------------
Filter name : IPSec{F86DEC64-0516-4E7B-B129-D95D4B240274}
Connection Type : ALL
Source Address : <My IP Address> (255.255.255.255)
Destination Address : 216.232.119.93 (255.255.255.255)
Authentication Methods : Preshared key
Security Methods : 1 3DES/SHA1/DH2/28800/QMlimit=0
2 Generic Filter(s)

Main Mode Filters: Specific Outbound
-------------------------------------------------------------------------------
Filter name : IPSec{F86DEC64-0516-4E7B-B129-D95D4B240274}
Weight : 69206017
Connection Type : ALL
Source Address : 10.0.0.2 (255.255.255.255)
Destination Address : 216.232.119.93 (255.255.255.255)
Authentication Methods : Preshared key
Security Methods : 1 3DES/SHA1/DH2/28800/QMlimit=0
-------------------------------------------------------------------------------
Filter name : IPSec{F86DEC64-0516-4E7B-B129-D95D4B240274}
Weight : 69206017
Connection Type : ALL
Source Address : 192.168.104.2 (255.255.255.255)
Destination Address : 216.232.119.93 (255.255.255.255)
Authentication Methods : Preshared key
Security Methods : 1 3DES/SHA1/DH2/28800/QMlimit=0
2 Specific Outbound Filter(s)

Main Mode Filters: Specific Inbound
-------------------------------------------------------------------------------
Filter name : IPSec{F86DEC64-0516-4E7B-B129-D95D4B240274}
Weight : 69206017
Connection Type : ALL
Source Address : 216.232.119.93 (255.255.255.255)
Destination Address : 10.0.0.2 (255.255.255.255)
Authentication Methods : Preshared key
Security Methods : 1 3DES/SHA1/DH2/28800/QMlimit=0
-------------------------------------------------------------------------------
Filter name : IPSec{F86DEC64-0516-4E7B-B129-D95D4B240274}
Weight : 69206017
Connection Type : ALL
Source Address : 216.232.119.93 (255.255.255.255)
Destination Address : 192.168.104.2 (255.255.255.255)
Authentication Methods : Preshared key
Security Methods : 1 3DES/SHA1/DH2/28800/QMlimit=0
2 Specific Inbound Filter(s)

Quick Mode Filters(Tunnel): Generic
-------------------------------------------------------------------------------
Filter name : IPSec{295813D2-50E2-4EF5-9C1D-8F2FE2207DB3}
Connection Type : ALL
Source Address : 10.0.0.0 (255.255.255.0 )
Destination Address : 10.0.1.0 (255.255.255.0 )
Tunnel Source : <Any IP Address>
Tunnel Destination : 216.232.119.93
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Inbound Action : Negotiate
Outbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : IPSec{E5792A5C-9FCA-4902-9957-39E4969838C3}
Connection Type : ALL
Source Address : 10.0.1.0 (255.255.255.0 )
Destination Address : 10.0.0.0 (255.255.255.0 )
Tunnel Source : <Any IP Address>
Tunnel Destination : 192.168.104.2
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Inbound Action : Negotiate
Outbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : IPSec{453CB6EF-312F-4392-B966-CA4CA96DCA7C}
Connection Type : ALL
Source Address : 192.168.104.2 (255.255.255.255)
Destination Address : 10.0.1.0 (255.255.255.0 )
Tunnel Source : <Any IP Address>
Tunnel Destination : 216.232.119.93
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Inbound Action : Negotiate
Outbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : IPSec{55018F9C-43AE-4880-A964-D6CD20669910}
Connection Type : ALL
Source Address : 10.0.1.0 (255.255.255.0 )
Destination Address : 192.168.104.2 (255.255.255.255)
Tunnel Source : <Any IP Address>
Tunnel Destination : 192.168.104.2
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Inbound Action : Negotiate
Outbound Action : Negotiate
4 Generic Filter(s)

Quick Mode Filters(Tunnel): Specific Outbound
-------------------------------------------------------------------------------
Filter name : IPSec{453CB6EF-312F-4392-B966-CA4CA96DCA7C}
Connection Type : ALL
Weight : 66859008
Source Address : 192.168.104.2 (255.255.255.255)
Destination Address : 10.0.1.0 (255.255.255.0 )
Tunnel Source : <Any IP Address>
Tunnel Destination : 216.232.119.93
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Outbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : IPSec{295813D2-50E2-4EF5-9C1D-8F2FE2207DB3}
Connection Type : ALL
Weight : 64499713
Source Address : 10.0.0.0 (255.255.255.0 )
Destination Address : 10.0.1.0 (255.255.255.0 )
Tunnel Source : <Any IP Address>
Tunnel Destination : 216.232.119.93
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Outbound Action : Negotiate
2 Specific Outbound Filter(s)

Quick Mode Filters(Tunnel): Specific Inbound
-------------------------------------------------------------------------------
Filter name : IPSec{55018F9C-43AE-4880-A964-D6CD20669910}
Connection Type : ALL
Weight : 66859009
Source Address : 10.0.1.0 (255.255.255.0 )
Destination Address : 192.168.104.2 (255.255.255.255)
Tunnel Source : <Any IP Address>
Tunnel Destination : 192.168.104.2
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Inbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : IPSec{E5792A5C-9FCA-4902-9957-39E4969838C3}
Connection Type : ALL
Weight : 64499713
Source Address : 10.0.1.0 (255.255.255.0 )
Destination Address : 10.0.0.0 (255.255.255.0 )
Tunnel Source : <Any IP Address>
Tunnel Destination : 192.168.104.2
Protocol : ANY
Src Port: 0 Dest Port: 0
Mirrored : no
Quick Mode Policy : ISA Server bent QM Policy
Inbound Action : Negotiate
2 Specific Inbound Filter(s)

IKE Main Mode SAs at 8/13/2006 12:22:06 PM
-------------------------------------------------------------------------------
Cookie Pair : 8e9acca2231e83ee:b5e300a38ce3cd27
Sec Methods : 3DES/SHA1/2/28800
Auth Mode : Preshared Key
Source : 192.168.104.2 , port 500
ID : 192.168.104.2
Destination : 216.232.119.93 , port 500
ID : 216.232.119.93

IKE Main Mode SAs at 8/13/2006 12:22:06 PM
-------------------------------------------------------------------------------
Cookie Pair : 1a9bb318171957ec:d4930f7e4035f5d4
Sec Methods : 3DES/SHA1/2/28800
Auth Mode : Preshared Key
Source : 192.168.104.2 , port 500
ID : 192.168.104.2
Destination : 216.232.119.93 , port 500
ID : 216.232.119.93

Quick Mode SAs
--------------
Tunnel Filter
Policy Name : ISA Server bent QM Policy
Tunnel Source : 192.168.104.2
Tunnel Destination : 216.232.119.93
Source Address : 192.168.104.2
Destination Address : 10.0.1.0
Protocol : ANY
Source Port : 0
Destination Port : 0
Direction : Outbound

Offer Used
AH(b/r)    ESP Con(b/r)  ESP Int  PFS DH Group
---------- ------------- -------  ------------
None       3DES(24/0 )   SHA1     <Unassigned>

Tunnel Filter
Policy Name : ISA Server bent QM Policy
Tunnel Source : 192.168.104.2
Tunnel Destination : 216.232.119.93
Source Address : 10.0.0.0
Destination Address : 10.0.1.0
Protocol : ANY
Source Port : 0
Destination Port : 0
Direction : Outbound

Offer Used
AH(b/r)    ESP Con(b/r)  ESP Int  PFS DH Group
---------- ------------- -------  ------------
None       3DES(24/0 )   SHA1     <Unassigned>

IPSec Configuration Parameters
------------------------------
IPSecDiagnostics : 7
IKElogging : 0
StrongCRLCheck : 1
IPSecloginterval : 3600
IPSecexempt : 3
Boot Mode : Permit
Boot Mode Exemptions :
Protocol  Src Port  Dst Port  Direction
--------- --------- --------- ---------
UDP       0         68        Inbound

IKE Statistics
--------------
Main Modes : 2
Quick Modes : 2
Soft SAs : 0
Authentication Failures : 0
Active Acquire : 1
Active Receive : 0
Acquire fail : 0
Receive fail : 0
Send fail : 0
Acquire Heap size : 2
Receive Heap size : 1
Negotiation Failures : 1
Invalid Cookies Rcvd : 0
Total Acquire : 1
TotalGetSpi : 2
TotalKeyAdd : 2
TotalKeyUpdate : 2
GetSpiFail : 0
KeyAddFail : 0
KeyUpdateFail : 0
IsadbListSize : 2
ConnListSize : 1
Invalid Packets Rcvd : 0

IPSec Statistics
----------------
Active Assoc : 2
Offload SAs : 0
Pending Key : 0
Key Adds : 2
Key Deletes : 0
ReKeys : 0
Active Tunnels : 2
Bad
SPI Pkts : 0 Pkts not Decrypted : 0 Pkts not Authenticated : 0 Pkts with Replay Detection : 0 Confidential Bytes Sent : 12,300 Confidential Bytes Received : 12,036 Authenticated Bytes Sent : 16,352 Authenticated Bytes Received: 16,000 Transport Bytes Sent : 0 Transport Bytes Received : 0 Bytes Sent In Tunnels : 12,300 Bytes Received In Tunnels : 22,304 Offloaded Bytes Sent : 0 Offloaded Bytes Received : 0
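Added example, not code from the post above: a small Python script that parses the "netsh ipsec dynamic show all" layout shown in the dump (Main Mode SAs, Quick Mode SAs, IKE and IPSec statistics) and reports the things a practitioner checks first when a tunnel works in one direction only: a traffic selector that has a Quick Mode SA in only one direction, more than one Main Mode SA to the same peer, and failure counters that are not zero. The embedded SAMPLE is an abridged copy of the posted output (constructed for this example); the field names are netsh's, the function names are the example's own.

```python
"""Parse 'netsh ipsec dynamic show all' output (Windows Server 2003 layout) and flag the
usual trouble signs. Added example, not the post's code; SAMPLE is abridged from the posted dump."""
import re
from collections import Counter, defaultdict

SAMPLE = """\
IKE Main Mode SAs at 8/13/2006 12:22:06 PM
-------------------------------------------------------------------------------
Cookie Pair            : 8e9acca2231e83ee:b5e300a38ce3cd27
Source                 : 192.168.104.2 , port 500
ID                     : 192.168.104.2
Destination            : 216.232.119.93 , port 500
ID                     : 216.232.119.93
IKE Main Mode SAs at 8/13/2006 12:22:06 PM
Cookie Pair            : 1a9bb318171957ec:d4930f7e4035f5d4
Source                 : 192.168.104.2 , port 500
ID                     : 192.168.104.2
Destination            : 216.232.119.93 , port 500
ID                     : 216.232.119.93
Quick Mode SAs
Tunnel Filter
Policy Name            : ISA Server bent QM Policy
Tunnel Source          : 192.168.104.2
Tunnel Destination     : 216.232.119.93
Source Address         : 192.168.104.2
Destination Address    : 10.0.1.0
Direction              : Outbound
Policy Name            : ISA Server bent QM Policy
Tunnel Source          : 192.168.104.2
Tunnel Destination     : 216.232.119.93
Source Address         : 10.0.0.0
Destination Address    : 10.0.1.0
Direction              : Outbound
IKE Statistics
Main Modes             : 2
Negotiation Failures   : 1
IPSec Statistics
Bad SPI Pkts           : 0
Confidential Bytes Sent: 12,300
"""
KV = re.compile(r"^([A-Za-z][A-Za-z0-9 ()/]*?)\s*:\s*(.*?)\s*$")
HEADERS = {"IKE Main Mode SAs": "mm", "Quick Mode SAs": "qm", "IKE Statistics": "stats",
           "IPSec Statistics": "stats", "IPSec Configuration": None}
ENTRY_START = {"mm": "Cookie Pair", "qm": "Policy Name"}  # first field of each SA entry

def parse_netsh_dynamic(text):
    """Return (main_mode_sas, quick_mode_sas, stats): two lists of dicts and one dict."""
    sas, stats = {"mm": [], "qm": []}, {}
    section = current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = next((h for h in HEADERS if line.startswith(h)), None)
        if header is not None:  # section banner: switch section, reset entry state
            section, current = HEADERS[header], None
            continue
        m = KV.match(line)
        if not m or section is None:  # separators, offer tables, unknown sections
            continue
        key, value = m.groups()
        if section == "stats":
            digits = value.replace(",", "")
            stats[key] = int(digits) if digits.isdigit() else value
            continue
        if key == ENTRY_START[section]:
            current = {}
            sas[section].append(current)
        elif current is None:
            continue
        if key == "ID":  # netsh prints 'ID' once after Source and once after Destination
            key = "Destination ID" if "Source ID" in current else "Source ID"
        current[key] = value
    return sas["mm"], sas["qm"], stats

def audit(main_mode, quick_mode, stats):
    """Return findings as strings; an empty list means nothing in the dump looked off."""
    findings = []
    # 1. Each traffic selector should have a Quick Mode SA in both directions.
    seen = defaultdict(set)
    for sa in quick_mode:
        sel = tuple(sa.get(k) for k in ("Tunnel Source", "Tunnel Destination",
                                         "Source Address", "Destination Address"))
        seen[sel].add(sa.get("Direction"))
    for (tsrc, tdst, src, dst), dirs in seen.items():
        for missing in sorted({"Inbound", "Outbound"} - dirs):
            findings.append(f"no {missing} Quick Mode SA for {src} -> {dst} (tunnel {tsrc} -> {tdst})")
    # 2. More than one Main Mode SA to the same peer: phase 1 was negotiated more than once.
    #    '192.168.104.2 , port 500' is reduced to the address before comparing.
    peers = Counter(tuple(sa.get(k, "").split(",")[0].strip() for k in ("Source", "Destination"))
                    for sa in main_mode)
    findings += [f"{n} Main Mode SAs between {s} and {d}" for (s, d), n in peers.items() if n > 1]
    # 3. Counters that stay at zero on a healthy tunnel.
    for c in ("Negotiation Failures", "Authentication Failures", "Bad SPI Pkts",
              "Pkts not Decrypted", "Pkts not Authenticated", "Pkts with Replay Detection"):
        if stats.get(c, 0):
            findings.append(f"{c} = {stats[c]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(*parse_netsh_dynamic(SAMPLE))))
```

Run it against a saved "netsh ipsec dynamic show all > dump.txt" by passing the file contents to parse_netsh_dynamic instead of SAMPLE. The parser keys on the section banners and the "Key : Value" lines only, so separator rows and the "Offer Used" table are skipped, and the Quick Mode Filters section earlier in the dump is ignored because it has no banner in HEADERS. On the abridged sample it reports two selectors with no Inbound SA, two Main Mode SAs to the same peer, and Negotiation Failures = 1; taking the same dump over time (or comparing the cookie pairs between two dumps) shows whether phase 1 is being rebuilt rather than rekeyed.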