• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN IPSEC (Sonicwall to ISA server) with edge router does IS NOT Stable

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN IPSEC (Sonicwall to ISA server) with edge router does IS NOT Stable Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN IPSEC (Sonicwall to ISA server) with edge router do... - 5.May2006 3:55:23 PM   
murpy

 

Posts: 43
Joined: 4.Mar.2006
Status: offline
OK thanks to Clint I got through my IPSEC connection issues. 

My issues were
1) include the dmz subnet addresses in the "networks" sonicwall configuration
2) Turn offthe Enable NAT Traversal in the sonicwall VPN advanced screen
3) Use Perfect Forward Secracy

None of the above is documented in Sonicwalls documentation


Now I am having problems with the connection staying up.  It looks like that when things are working correctly the sonicwall reports an active connection to both the 192.168.104.x subnet and the 10.0.0.x subnet.  Things will stop working over time say 5 minutes. 

6:25 Power Cycle Sonicwall
6:30 Ping from Sonicwall worked
6:32 First ping (request time out) from sonicwall, 3 other completed correctly
6:33 All 4 ping attempts from ISASERVER (request time out) Negotiating IPSEC Security message
6:35 Link came back pings ok?


Included below is my configuration, oakley log file and sonicwall log files

SonicWallTZ150 -- INTERNET -- LinkSys54GLEdgeRouter -- ISA Server2004

Post #: 1
RE: VPN IPSEC (Sonicwall to ISA server) with edge route... - 5.May2006 3:55:46 PM   
murpy

 

Posts: 43
Joined: 4.Mar.2006
Status: offline
oakley log file

5-05: 06:25:55:63:898 QM Deleted. Notify from driver: Src 192.168.104.2 Dest 10.0.1.0 InSPI 2076991803 OutSpi 3591776783  Tunnel 25f94746 TunnelFilter 0
5-05: 06:25:55:63:898 srcEncapPort=62465, dstEncapPort=62465
5-05: 06:25:55:63:898 Could not find the peer list entry
5-05: 06:25:55:63:898 constructing ISAKMP Header
5-05: 06:25:55:63:898 constructing HASH (null)
5-05: 06:25:55:63:898 Construct QM Delete Spi 2076991803
5-05: 06:25:55:63:898 constructing HASH (Notify/Delete)
5-05: 06:25:55:63:898 Not setting retransmit to downlevel client. SA 0304F5B0 Centry 00000000
5-05: 06:25:55:63:898
5-05: 06:25:55:63:898 Sending: SA = 0x0304F5B0 to 70.71.249.37:Type 1.500
5-05: 06:25:55:63:898 ISAKMP Header: (V1.0), len = 68
5-05: 06:25:55:63:898   I-COOKIE 50b0def5cc8ec754
5-05: 06:25:55:63:898   R-COOKIE 3eeb718bcc48242c
5-05: 06:25:55:63:898   exchange: ISAKMP Informational Exchange
5-05: 06:25:55:63:898   flags: 1 ( encrypted )
5-05: 06:25:55:63:898   next payload: HASH
5-05: 06:25:55:63:898   message ID: 6c612e63
5-05: 06:25:55:63:898 Ports S:f401 D:f401
5-05: 06:25:55:63:898 PrivatePeerAddr 0
5-05: 06:26:14:203:898
5-05: 06:26:14:203:898 Receive: (get) SA = 0x00000000 from 70.71.249.37.500
5-05: 06:26:14:203:898 ISAKMP Header: (V1.0), len = 80
5-05: 06:26:14:203:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:203:898   R-COOKIE 0000000000000000
5-05: 06:26:14:203:898   exchange: Oakley Main Mode
5-05: 06:26:14:203:898   flags: 0
5-05: 06:26:14:203:898   next payload: SA
5-05: 06:26:14:203:898   message ID: 00000000
5-05: 06:26:14:203:898 Filter to match: Src 70.71.249.37 Dst 192.168.104.2
5-05: 06:26:14:203:898 MM PolicyName: ISA Server bent MM Policy
5-05: 06:26:14:203:898 MMPolicy dwFlags 0 SoftSAExpireTime 28800
5-05: 06:26:14:203:898 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
5-05: 06:26:14:203:898 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
5-05: 06:26:14:203:898 Auth[0]:PresharedKey KeyLen 30
5-05: 06:26:14:203:898 Responding with new SA 304fc80
5-05: 06:26:14:203:898 processing payload SA
5-05: 06:26:14:203:898 Received Phase 1 Transform 1
5-05: 06:26:14:203:898      Encryption Alg Triple DES CBC(5)
5-05: 06:26:14:203:898      Hash Alg SHA(2)
5-05: 06:26:14:203:898      Oakley Group 2
5-05: 06:26:14:203:898      Auth Method Preshared Key(1)
5-05: 06:26:14:203:898      Life type in Seconds
5-05: 06:26:14:203:898      Life duration of 28800
5-05: 06:26:14:203:898 Phase 1 SA accepted: transform=1
5-05: 06:26:14:203:898 SA - Oakley proposal accepted
5-05: 06:26:14:203:898 ClearFragList
5-05: 06:26:14:203:898 constructing ISAKMP Header
5-05: 06:26:14:203:898 constructing SA (ISAKMP)
5-05: 06:26:14:203:898 Constructing Vendor MS NT5 ISAKMPOAKLEY
5-05: 06:26:14:203:898 Constructing Vendor FRAGMENTATION
5-05: 06:26:14:203:898 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
5-05: 06:26:14:203:898
5-05: 06:26:14:203:898 Sending: SA = 0x0304FC80 to 70.71.249.37:Type 2.500
5-05: 06:26:14:203:898 ISAKMP Header: (V1.0), len = 148
5-05: 06:26:14:203:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:203:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:203:898   exchange: Oakley Main Mode
5-05: 06:26:14:203:898   flags: 0
5-05: 06:26:14:203:898   next payload: SA
5-05: 06:26:14:203:898   message ID: 00000000
5-05: 06:26:14:203:898 Ports S:f401 D:f401
5-05: 06:26:14:328:898
5-05: 06:26:14:328:898 Receive: (get) SA = 0x0304fc80 from 70.71.249.37.500
5-05: 06:26:14:328:898 ISAKMP Header: (V1.0), len = 220
5-05: 06:26:14:328:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:328:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:328:898   exchange: Oakley Main Mode
5-05: 06:26:14:328:898   flags: 0
5-05: 06:26:14:328:898   next payload: KE
5-05: 06:26:14:328:898   message ID: 00000000
5-05: 06:26:14:328:898 processing payload KE
5-05: 06:26:14:360:898 processing payload NONCE
5-05: 06:26:14:360:898 processing payload VENDOR ID
5-05: 06:26:14:360:898 processing payload VENDOR ID
5-05: 06:26:14:360:898 processing payload VENDOR ID
5-05: 06:26:14:360:898 ClearFragList
5-05: 06:26:14:360:898 constructing ISAKMP Header
5-05: 06:26:14:360:898 constructing KE
5-05: 06:26:14:360:898 constructing NONCE (ISAKMP)
5-05: 06:26:14:360:898
5-05: 06:26:14:360:898 Sending: SA = 0x0304FC80 to 70.71.249.37:Type 2.500
5-05: 06:26:14:360:898 ISAKMP Header: (V1.0), len = 184
5-05: 06:26:14:360:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:360:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:360:898   exchange: Oakley Main Mode
5-05: 06:26:14:360:898   flags: 0
5-05: 06:26:14:360:898   next payload: KE
5-05: 06:26:14:360:898   message ID: 00000000
5-05: 06:26:14:360:898 Ports S:f401 D:f401
5-05: 06:26:14:469:898
5-05: 06:26:14:469:898 Receive: (get) SA = 0x0304fc80 from 70.71.249.37.500
5-05: 06:26:14:469:898 ISAKMP Header: (V1.0), len = 100
5-05: 06:26:14:469:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:469:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:469:898   exchange: Oakley Main Mode
5-05: 06:26:14:469:898   flags: 1 ( encrypted )
5-05: 06:26:14:469:898   next payload: ID
5-05: 06:26:14:469:898   message ID: 00000000
5-05: 06:26:14:469:898 processing payload ID
5-05: 06:26:14:469:898 processing payload HASH
5-05: 06:26:14:469:898 AUTH: Phase I authentication accepted
5-05: 06:26:14:469:898 processing payload NOTIFY
5-05: 06:26:14:469:898 Unknown Notify Message 24578
5-05: 06:26:14:469:898 ClearFragList
5-05: 06:26:14:469:898 constructing ISAKMP Header
5-05: 06:26:14:469:898 constructing ID
5-05: 06:26:14:469:898 MM ID Type 1
5-05: 06:26:14:469:898 MM ID c0a86802
5-05: 06:26:14:469:898 constructing HASH
5-05: 06:26:14:469:898 MM established.  SA: 0304FC80
5-05: 06:26:14:485:898
5-05: 06:26:14:485:898 Sending: SA = 0x0304FC80 to 70.71.249.37:Type 2.500
5-05: 06:26:14:485:898 ISAKMP Header: (V1.0), len = 68
5-05: 06:26:14:485:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:485:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:485:898   exchange: Oakley Main Mode
5-05: 06:26:14:485:898   flags: 1 ( encrypted )
5-05: 06:26:14:485:898   next payload: ID
5-05: 06:26:14:485:898   message ID: 00000000
5-05: 06:26:14:485:898 Ports S:f401 D:f401
5-05: 06:26:14:594:898
5-05: 06:26:14:594:898 Receive: (get) SA = 0x0304fc80 from 70.71.249.37.500
5-05: 06:26:14:594:898 ISAKMP Header: (V1.0), len = 300
5-05: 06:26:14:594:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:594:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:594:898   exchange: Oakley Quick Mode
5-05: 06:26:14:594:898   flags: 1 ( encrypted )
5-05: 06:26:14:594:898   next payload: HASH
5-05: 06:26:14:594:898   message ID: c28a0249
5-05: 06:26:14:594:898 processing HASH (QM)
5-05: 06:26:14:594:898 ClearFragList
5-05: 06:26:14:594:898 processing payload NONCE
5-05: 06:26:14:594:898 processing payload KE
5-05: 06:26:14:594:898 Quick Mode KE processed; Saved KE data
5-05: 06:26:14:594:898 processing payload ID
5-05: 06:26:14:594:898 processing payload ID
5-05: 06:26:14:594:898 processing payload SA
5-05: 06:26:14:594:898 Negotiated Proxy ID: Src 10.0.1.0.0 Dst 10.0.0.0.0
5-05: 06:26:14:594:898 Src id for subnet.  Mask 255.255.255.0
5-05: 06:26:14:594:898 Dst id for subnet.  Mask 255.255.255.0
5-05: 06:26:14:594:898 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
5-05: 06:26:14:594:898 Checking Transform # 1: ID=Triple DES CBC(3)
5-05: 06:26:14:594:898  SA life type in seconds
5-05: 06:26:14:594:898  SA life duration 28800
5-05: 06:26:14:594:898  group description for PFS is 2
5-05: 06:26:14:594:898  tunnel mode is Tunnel Mode(1)
5-05: 06:26:14:594:898  HMAC algorithm is SHA(2)
5-05: 06:26:14:594:898 Finding Responder Policy for SRC=10.0.1.0.0000 DST=10.0.0.0.0000, SRCMask=255.255.255.0, DSTMask=255.255.255.0, Prot=0 InTunnelEndpt 268a8c0 OutTunnelEndpt 25f94746
5-05: 06:26:14:594:898 QM PolicyName: ISA Server bent QM Policy dwFlags 0
5-05: 06:26:14:594:898 QMOffer[0] LifetimeKBytes 0 LifetimeSec 28800
5-05: 06:26:14:594:898 QMOffer[0] dwFlags 0 dwPFSGroup 2
5-05: 06:26:14:594:898  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:26:14:594:898 Phase 2 SA accepted: proposal=1 transform=1
5-05: 06:26:14:594:898 GetSpi: src = 10.0.1.0.0000, dst = 10.0.0.0.0000, proto = 00, context = 00000000, srcMask = 255.255.255.0, destMask = 255.255.255.0, TunnelFilter 1
5-05: 06:26:14:594:898 Setting SPI  531187294
5-05: 06:26:14:641:898 constructing ISAKMP Header
5-05: 06:26:14:641:898 constructing HASH (null)
5-05: 06:26:14:641:898 constructing SA (IPSEC)
5-05: 06:26:14:641:898 constructing QM KE
5-05: 06:26:14:641:898 constructing NONCE (IPSEC)
5-05: 06:26:14:641:898 constructing ID (proxy)
5-05: 06:26:14:641:898 constructing ID (proxy)
5-05: 06:26:14:641:898 constructing HASH (QM)
5-05: 06:26:14:641:898
5-05: 06:26:14:641:898 Sending: SA = 0x0304FC80 to 70.71.249.37:Type 2.500
5-05: 06:26:14:641:898 ISAKMP Header: (V1.0), len = 300
5-05: 06:26:14:641:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:641:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:641:898   exchange: Oakley Quick Mode
5-05: 06:26:14:641:898   flags: 3 ( encrypted commit )
5-05: 06:26:14:641:898   next payload: HASH
5-05: 06:26:14:641:898   message ID: c28a0249
5-05: 06:26:14:641:898 Ports S:f401 D:f401
5-05: 06:26:14:750:898
5-05: 06:26:14:750:898 Receive: (get) SA = 0x0304fc80 from 70.71.249.37.500
5-05: 06:26:14:750:898 ISAKMP Header: (V1.0), len = 60
5-05: 06:26:14:750:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:750:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:750:898   exchange: Oakley Quick Mode
5-05: 06:26:14:750:898   flags: 1 ( encrypted )
5-05: 06:26:14:750:898   next payload: HASH
5-05: 06:26:14:750:898   message ID: c28a0249
5-05: 06:26:14:750:898 processing HASH (QM)
5-05: 06:26:14:750:898 ClearFragList
5-05: 06:26:14:750:898 Adding QMs: src = 10.0.0.0.0000, dst = 10.0.1.0.0000, proto = 00, context = 0000000C, my tunnel = 192.168.104.2, peer tunnel = 70.71.249.37, SrcMask = 255.255.255.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 1 Direction 1 EncapType 1
5-05: 06:26:14:750:898  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:26:14:750:898  Algo[0] MySpi: 531187294 PeerSpi: 1733239262
5-05: 06:26:14:750:898 Encap Ports Src 500 Dst 500
5-05: 06:26:14:750:898 isadb_set_status sa:0304FC80 centry:000EC558 status 0
5-05: 06:26:14:750:898 Constructing Commit Notify
5-05: 06:26:14:750:898 constructing ISAKMP Header
5-05: 06:26:14:750:898 constructing HASH (null)
5-05: 06:26:14:750:898 constructing NOTIFY 16384
5-05: 06:26:14:750:898 constructing HASH (QM)
5-05: 06:26:14:750:898
5-05: 06:26:14:750:898 Sending: SA = 0x0304FC80 to 70.71.249.37:Type 4.500
5-05: 06:26:14:750:898 ISAKMP Header: (V1.0), len = 76
5-05: 06:26:14:750:898   I-COOKIE e89d9a2e991242e8
5-05: 06:26:14:750:898   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:26:14:750:898   exchange: Oakley Quick Mode
5-05: 06:26:14:750:898   flags: 3 ( encrypted commit )
5-05: 06:26:14:750:898   next payload: HASH
5-05: 06:26:14:750:898   message ID: c28a0249
5-05: 06:26:14:750:898 Ports S:f401 D:f401
5-05: 06:26:14:750:898 QM Deleted. Notify from driver: Src 10.0.0.0 Dest 10.0.1.0 InSPI 2246185000 OutSpi 889332642  Tunnel 25f94746 TunnelFilter 0
5-05: 06:26:14:750:898 srcEncapPort=62465, dstEncapPort=62465
5-05: 06:26:14:750:898 Could not find the peer list entry
5-05: 06:26:14:750:898 constructing ISAKMP Header
5-05: 06:26:14:750:898 constructing HASH (null)
5-05: 06:26:14:750:898 Construct QM Delete Spi 2246185000
5-05: 06:26:14:750:898 constructing HASH (Notify/Delete)
5-05: 06:26:14:750:898 Not setting retransmit to downlevel client. SA 0304F918 Centry 00000000
5-05: 06:26:14:750:898
5-05: 06:26:14:750:898 Sending: SA = 0x0304F918 to 70.71.249.37:Type 1.500
5-05: 06:26:14:750:898 ISAKMP Header: (V1.0), len = 68
5-05: 06:26:14:750:898   I-COOKIE ec9ae0e59b7bd105
5-05: 06:26:14:750:898   R-COOKIE 3784864df834ac9c
5-05: 06:26:14:750:898   exchange: ISAKMP Informational Exchange
5-05: 06:26:14:750:898   flags: 1 ( encrypted )
5-05: 06:26:14:750:898   next payload: HASH
5-05: 06:26:14:750:898   message ID: 319880e1
5-05: 06:26:14:750:898 Ports S:f401 D:f401
5-05: 06:26:14:750:898 PrivatePeerAddr 0
5-05: 06:26:14:782:171c
5-05: 06:26:14:782:171c Receive: (get) SA = 0x0304f918 from 70.71.249.37.500
5-05: 06:26:14:782:171c ISAKMP Header: (V1.0), len = 152
5-05: 06:26:14:782:171c   I-COOKIE ec9ae0e59b7bd105
5-05: 06:26:14:782:171c   R-COOKIE 3784864df834ac9c
5-05: 06:26:14:782:171c   exchange: ISAKMP Informational Exchange
5-05: 06:26:14:782:171c   flags: 0
5-05: 06:26:14:782:171c   next payload: NOTIFY
5-05: 06:26:14:782:171c   message ID: 5282856d
5-05: 06:26:14:782:171c received an unencrypted packet when crypto active
5-05: 06:26:14:782:171c GetPacket failed 35ec
5-05: 06:26:33:235:171c
5-05: 06:26:33:235:171c Receive: (get) SA = 0x00000000 from 70.71.249.37.500
5-05: 06:26:33:235:171c ISAKMP Header: (V1.0), len = 80
5-05: 06:26:33:235:171c   I-COOKIE 931af113c07ff9af
5-05: 06:26:33:235:171c   R-COOKIE 0000000000000000
5-05: 06:26:33:235:171c   exchange: Oakley Main Mode
5-05: 06:26:33:235:171c   flags: 0
5-05: 06:26:33:235:171c   next payload: SA
5-05: 06:26:33:235:171c   message ID: 00000000
5-05: 06:26:33:235:171c Filter to match: Src 70.71.249.37 Dst 192.168.104.2
5-05: 06:26:33:250:171c MM PolicyName: ISA Server bent MM Policy
5-05: 06:26:33:250:171c MMPolicy dwFlags 0 SoftSAExpireTime 28800
5-05: 06:26:33:250:171c MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
5-05: 06:26:33:250:171c MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
5-05: 06:26:33:250:171c Auth[0]:PresharedKey KeyLen 30
5-05: 06:26:33:250:171c Responding with new SA 40c46b0
5-05: 06:26:33:250:171c processing payload SA
5-05: 06:26:33:250:171c Received Phase 1 Transform 1
5-05: 06:26:33:250:171c      Encryption Alg Triple DES CBC(5)
5-05: 06:26:33:250:171c      Hash Alg SHA(2)
5-05: 06:26:33:250:171c      Oakley Group 2
5-05: 06:26:33:250:171c      Auth Method Preshared Key(1)
5-05: 06:26:33:250:171c      Life type in Seconds
5-05: 06:26:33:250:171c      Life duration of 28800
5-05: 06:26:33:250:171c Phase 1 SA accepted: transform=1
5-05: 06:26:33:250:171c SA - Oakley proposal accepted
5-05: 06:26:33:250:171c ClearFragList
5-05: 06:26:33:250:171c constructing ISAKMP Header
5-05: 06:26:33:250:171c constructing SA (ISAKMP)
5-05: 06:26:33:250:171c Constructing Vendor MS NT5 ISAKMPOAKLEY
5-05: 06:26:33:250:171c Constructing Vendor FRAGMENTATION
5-05: 06:26:33:250:171c Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
5-05: 06:26:33:250:171c
5-05: 06:26:33:250:171c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:26:33:250:171c ISAKMP Header: (V1.0), len = 148
5-05: 06:26:33:250:171c   I-COOKIE 931af113c07ff9af
5-05: 06:26:33:250:171c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:33:250:171c   exchange: Oakley Main Mode
5-05: 06:26:33:250:171c   flags: 0
5-05: 06:26:33:250:171c   next payload: SA
5-05: 06:26:33:250:171c   message ID: 00000000
5-05: 06:26:33:250:171c Ports S:f401 D:f401
5-05: 06:26:33:360:171c
5-05: 06:26:33:360:171c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:26:33:360:171c ISAKMP Header: (V1.0), len = 220
5-05: 06:26:33:360:171c   I-COOKIE 931af113c07ff9af
5-05: 06:26:33:360:171c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:33:360:171c   exchange: Oakley Main Mode
5-05: 06:26:33:360:171c   flags: 0
5-05: 06:26:33:360:171c   next payload: KE
5-05: 06:26:33:360:171c   message ID: 00000000
5-05: 06:26:33:360:171c processing payload KE
5-05: 06:26:33:391:171c processing payload NONCE
5-05: 06:26:33:391:171c processing payload VENDOR ID
5-05: 06:26:33:391:171c processing payload VENDOR ID
5-05: 06:26:33:391:171c processing payload VENDOR ID
5-05: 06:26:33:391:171c ClearFragList
5-05: 06:26:33:391:171c constructing ISAKMP Header
5-05: 06:26:33:391:171c constructing KE
5-05: 06:26:33:391:171c constructing NONCE (ISAKMP)
5-05: 06:26:33:391:171c
5-05: 06:26:33:391:171c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:26:33:391:171c ISAKMP Header: (V1.0), len = 184
5-05: 06:26:33:391:171c   I-COOKIE 931af113c07ff9af
5-05: 06:26:33:391:171c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:33:391:171c   exchange: Oakley Main Mode
5-05: 06:26:33:391:171c   flags: 0
5-05: 06:26:33:391:171c   next payload: KE
5-05: 06:26:33:391:171c   message ID: 00000000
5-05: 06:26:33:391:171c Ports S:f401 D:f401
5-05: 06:26:33:500:171c
5-05: 06:26:33:500:171c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:26:33:500:171c ISAKMP Header: (V1.0), len = 68
5-05: 06:26:33:500:171c   I-COOKIE 931af113c07ff9af
5-05: 06:26:33:500:171c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:33:500:171c   exchange: Oakley Main Mode
5-05: 06:26:33:500:171c   flags: 1 ( encrypted )
5-05: 06:26:33:500:171c   next payload: ID
5-05: 06:26:33:500:171c   message ID: 00000000
5-05: 06:26:33:516:171c processing payload ID
5-05: 06:26:33:516:171c processing payload HASH
5-05: 06:26:33:516:171c AUTH: Phase I authentication accepted
5-05: 06:26:33:516:171c ClearFragList
5-05: 06:26:33:516:171c constructing ISAKMP Header
5-05: 06:26:33:516:171c constructing ID
5-05: 06:26:33:516:171c MM ID Type 1
5-05: 06:26:33:516:171c MM ID c0a86802
5-05: 06:26:33:516:171c constructing HASH
5-05: 06:26:33:516:171c MM established.  SA: 040C46B0
5-05: 06:26:33:516:171c
5-05: 06:26:33:516:171c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:26:33:516:171c ISAKMP Header: (V1.0), len = 68
5-05: 06:26:33:516:171c   I-COOKIE 931af113c07ff9af
5-05: 06:26:33:516:171c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:33:516:171c   exchange: Oakley Main Mode
5-05: 06:26:33:516:171c   flags: 1 ( encrypted )
5-05: 06:26:33:516:171c   next payload: ID
5-05: 06:26:33:516:171c   message ID: 00000000
5-05: 06:26:33:516:171c Ports S:f401 D:f401
5-05: 06:26:34:391:27c retransmit: sa = 040C46B0 centry 00000000 , count = 1
5-05: 06:26:34:391:27c
5-05: 06:26:34:391:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:26:34:391:27c ISAKMP Header: (V1.0), len = 68
5-05: 06:26:34:391:27c   I-COOKIE 931af113c07ff9af
5-05: 06:26:34:391:27c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:34:391:27c   exchange: Oakley Main Mode
5-05: 06:26:34:391:27c   flags: 1 ( encrypted )
5-05: 06:26:34:391:27c   next payload: ID
5-05: 06:26:34:391:27c   message ID: 00000000
5-05: 06:26:34:391:27c Ports S:f401 D:f401
5-05: 06:26:36:391:27c retransmit: sa = 040C46B0 centry 00000000 , count = 2
5-05: 06:26:36:391:27c
5-05: 06:26:36:391:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:26:36:391:27c ISAKMP Header: (V1.0), len = 68
5-05: 06:26:36:391:27c   I-COOKIE 931af113c07ff9af
5-05: 06:26:36:391:27c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:36:391:27c   exchange: Oakley Main Mode
5-05: 06:26:36:391:27c   flags: 1 ( encrypted )
5-05: 06:26:36:391:27c   next payload: ID
5-05: 06:26:36:391:27c   message ID: 00000000
5-05: 06:26:36:391:27c Ports S:f401 D:f401
5-05: 06:26:40:391:27c retransmit: sa = 040C46B0 centry 00000000 , count = 3
5-05: 06:26:40:391:27c
5-05: 06:26:40:391:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:26:40:391:27c ISAKMP Header: (V1.0), len = 68
5-05: 06:26:40:391:27c   I-COOKIE 931af113c07ff9af
5-05: 06:26:40:391:27c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:40:391:27c   exchange: Oakley Main Mode
5-05: 06:26:40:391:27c   flags: 1 ( encrypted )
5-05: 06:26:40:391:27c   next payload: ID
5-05: 06:26:40:391:27c   message ID: 00000000
5-05: 06:26:40:391:27c Ports S:f401 D:f401
5-05: 06:26:48:391:27c retransmit: sa = 040C46B0 centry 00000000 , count = 4
5-05: 06:26:48:391:27c
5-05: 06:26:48:391:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:26:48:391:27c ISAKMP Header: (V1.0), len = 68
5-05: 06:26:48:391:27c   I-COOKIE 931af113c07ff9af
5-05: 06:26:48:391:27c   R-COOKIE 8fa2b6d232084db3
5-05: 06:26:48:391:27c   exchange: Oakley Main Mode
5-05: 06:26:48:391:27c   flags: 1 ( encrypted )
5-05: 06:26:48:391:27c   next payload: ID
5-05: 06:26:48:391:27c   message ID: 00000000
5-05: 06:26:48:391:27c Ports S:f401 D:f401
5-05: 06:27:04:391:27c retransmit: sa = 040C46B0 centry 00000000 , count = 5
5-05: 06:27:04:391:27c
5-05: 06:27:04:391:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:27:04:391:27c ISAKMP Header: (V1.0), len = 68
5-05: 06:27:04:391:27c   I-COOKIE 931af113c07ff9af
5-05: 06:27:04:391:27c   R-COOKIE 8fa2b6d232084db3
5-05: 06:27:04:391:27c   exchange: Oakley Main Mode
5-05: 06:27:04:391:27c   flags: 1 ( encrypted )
5-05: 06:27:04:391:27c   next payload: ID
5-05: 06:27:04:391:27c   message ID: 00000000
5-05: 06:27:04:391:27c Ports S:f401 D:f401
5-05: 06:27:18:438:1434 CE Dead. sa:0304FC80 ce:000EC558 status:35f0
5-05: 06:27:36:391:27c retransmit exhausted: sa = 040C46B0 centry 00000000, count = 6
5-05: 06:27:36:391:27c SA Dead. sa:040C46B0 status:35ed
5-05: 06:27:36:391:27c isadb_set_status sa:040C46B0 centry:00000000 status 35ed
5-05: 06:27:36:391:27c constructing ISAKMP Header
5-05: 06:27:36:391:27c constructing HASH (null)
5-05: 06:27:36:391:27c constructing DELETE. MM 040C46B0
5-05: 06:27:36:391:27c constructing HASH (Notify/Delete)
5-05: 06:27:36:391:27c Not setting retransmit to downlevel client. SA 040C46B0 Centry 00000000
5-05: 06:27:36:391:27c
5-05: 06:27:36:391:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 1.500
5-05: 06:27:36:391:27c ISAKMP Header: (V1.0), len = 84
5-05: 06:27:36:391:27c   I-COOKIE 931af113c07ff9af
5-05: 06:27:36:391:27c   R-COOKIE 8fa2b6d232084db3
5-05: 06:27:36:391:27c   exchange: ISAKMP Informational Exchange
5-05: 06:27:36:391:27c   flags: 1 ( encrypted )
5-05: 06:27:36:391:27c   next payload: HASH
5-05: 06:27:36:391:27c   message ID: f49ff1b7
5-05: 06:27:36:391:27c Ports S:f401 D:f401
5-05: 06:28:03:438:10bc ClearFragList
5-05: 06:29:53:47:b8c
5-05: 06:29:53:47:b8c Receive: (get) SA = 0x00000000 from 70.71.249.37.500
5-05: 06:29:53:47:b8c ISAKMP Header: (V1.0), len = 80
5-05: 06:29:53:47:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:47:b8c   R-COOKIE 0000000000000000
5-05: 06:29:53:47:b8c   exchange: Oakley Main Mode
5-05: 06:29:53:47:b8c   flags: 0
5-05: 06:29:53:47:b8c   next payload: SA
5-05: 06:29:53:47:b8c   message ID: 00000000
5-05: 06:29:53:47:b8c Filter to match: Src 70.71.249.37 Dst 192.168.104.2
5-05: 06:29:53:47:b8c MM PolicyName: ISA Server bent MM Policy
5-05: 06:29:53:47:b8c MMPolicy dwFlags 0 SoftSAExpireTime 28800
5-05: 06:29:53:47:b8c MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
5-05: 06:29:53:47:b8c MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
5-05: 06:29:53:47:b8c Auth[0]:PresharedKey KeyLen 30
5-05: 06:29:53:47:b8c Responding with new SA 40c46b0
5-05: 06:29:53:47:b8c processing payload SA
5-05: 06:29:53:47:b8c Received Phase 1 Transform 1
5-05: 06:29:53:47:b8c      Encryption Alg Triple DES CBC(5)
5-05: 06:29:53:47:b8c      Hash Alg SHA(2)
5-05: 06:29:53:47:b8c      Oakley Group 2
5-05: 06:29:53:47:b8c      Auth Method Preshared Key(1)
5-05: 06:29:53:47:b8c      Life type in Seconds
5-05: 06:29:53:47:b8c      Life duration of 28800
5-05: 06:29:53:47:b8c Phase 1 SA accepted: transform=1
5-05: 06:29:53:47:b8c SA - Oakley proposal accepted
5-05: 06:29:53:47:b8c ClearFragList
5-05: 06:29:53:47:b8c constructing ISAKMP Header
5-05: 06:29:53:47:b8c constructing SA (ISAKMP)
5-05: 06:29:53:47:b8c Constructing Vendor MS NT5 ISAKMPOAKLEY
5-05: 06:29:53:47:b8c Constructing Vendor FRAGMENTATION
5-05: 06:29:53:47:b8c Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
5-05: 06:29:53:47:b8c
5-05: 06:29:53:47:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:29:53:47:b8c ISAKMP Header: (V1.0), len = 148
5-05: 06:29:53:47:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:47:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:53:47:b8c   exchange: Oakley Main Mode
5-05: 06:29:53:47:b8c   flags: 0
5-05: 06:29:53:47:b8c   next payload: SA
5-05: 06:29:53:47:b8c   message ID: 00000000
5-05: 06:29:53:47:b8c Ports S:f401 D:f401
5-05: 06:29:53:172:b8c
5-05: 06:29:53:172:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:29:53:172:b8c ISAKMP Header: (V1.0), len = 220
5-05: 06:29:53:172:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:172:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:53:172:b8c   exchange: Oakley Main Mode
5-05: 06:29:53:172:b8c   flags: 0
5-05: 06:29:53:172:b8c   next payload: KE
5-05: 06:29:53:172:b8c   message ID: 00000000
5-05: 06:29:53:172:b8c processing payload KE
5-05: 06:29:53:203:b8c processing payload NONCE
5-05: 06:29:53:203:b8c processing payload VENDOR ID
5-05: 06:29:53:203:b8c processing payload VENDOR ID
5-05: 06:29:53:203:b8c processing payload VENDOR ID
5-05: 06:29:53:203:b8c ClearFragList
5-05: 06:29:53:203:b8c constructing ISAKMP Header
5-05: 06:29:53:203:b8c constructing KE
5-05: 06:29:53:203:b8c constructing NONCE (ISAKMP)
5-05: 06:29:53:203:b8c
5-05: 06:29:53:203:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:29:53:203:b8c ISAKMP Header: (V1.0), len = 184
5-05: 06:29:53:203:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:203:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:53:203:b8c   exchange: Oakley Main Mode
5-05: 06:29:53:203:b8c   flags: 0
5-05: 06:29:53:203:b8c   next payload: KE
5-05: 06:29:53:203:b8c   message ID: 00000000
5-05: 06:29:53:203:b8c Ports S:f401 D:f401
5-05: 06:29:53:313:b8c
5-05: 06:29:53:313:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:29:53:313:b8c ISAKMP Header: (V1.0), len = 68
5-05: 06:29:53:313:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:313:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:53:313:b8c   exchange: Oakley Main Mode
5-05: 06:29:53:313:b8c   flags: 1 ( encrypted )
5-05: 06:29:53:313:b8c   next payload: ID
5-05: 06:29:53:313:b8c   message ID: 00000000
5-05: 06:29:53:313:b8c processing payload ID
5-05: 06:29:53:313:b8c processing payload HASH
5-05: 06:29:53:313:b8c AUTH: Phase I authentication accepted
5-05: 06:29:53:313:b8c ClearFragList
5-05: 06:29:53:313:b8c constructing ISAKMP Header
5-05: 06:29:53:313:b8c constructing ID
5-05: 06:29:53:313:b8c MM ID Type 1
5-05: 06:29:53:313:b8c MM ID c0a86802
5-05: 06:29:53:313:b8c constructing HASH
5-05: 06:29:53:313:b8c MM established.  SA: 040C46B0
5-05: 06:29:53:313:b8c
5-05: 06:29:53:313:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:29:53:313:b8c ISAKMP Header: (V1.0), len = 68
5-05: 06:29:53:313:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:313:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:53:313:b8c   exchange: Oakley Main Mode
5-05: 06:29:53:313:b8c   flags: 1 ( encrypted )
5-05: 06:29:53:313:b8c   next payload: ID
5-05: 06:29:53:313:b8c   message ID: 00000000
5-05: 06:29:53:313:b8c Ports S:f401 D:f401
5-05: 06:29:53:453:b8c
5-05: 06:29:53:453:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:29:53:453:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:29:53:453:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:453:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:53:453:b8c   exchange: Oakley Quick Mode
5-05: 06:29:53:453:b8c   flags: 1 ( encrypted )
5-05: 06:29:53:453:b8c   next payload: HASH
5-05: 06:29:53:453:b8c   message ID: 68b2bf6e
5-05: 06:29:53:453:b8c processing HASH (QM)
5-05: 06:29:53:453:b8c ClearFragList
5-05: 06:29:53:453:b8c processing payload NONCE
5-05: 06:29:53:453:b8c processing payload KE
5-05: 06:29:53:453:b8c Quick Mode KE processed; Saved KE data
5-05: 06:29:53:453:b8c processing payload ID
5-05: 06:29:53:453:b8c processing payload ID
5-05: 06:29:53:453:b8c processing payload SA
5-05: 06:29:53:453:b8c Negotiated Proxy ID: Src 10.0.1.0.0 Dst 192.168.104.0.0
5-05: 06:29:53:453:b8c Src id for subnet.  Mask 255.255.255.0
5-05: 06:29:53:453:b8c Dst id for subnet.  Mask 255.255.255.0
5-05: 06:29:53:453:b8c Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
5-05: 06:29:53:453:b8c Checking Transform # 1: ID=Triple DES CBC(3)
5-05: 06:29:53:453:b8c  SA life type in seconds
5-05: 06:29:53:453:b8c  SA life duration 28800
5-05: 06:29:53:453:b8c  group description for PFS is 2
5-05: 06:29:53:453:b8c  tunnel mode is Tunnel Mode(1)
5-05: 06:29:53:453:b8c  HMAC algorithm is SHA(2)
5-05: 06:29:53:453:b8c Finding Responder Policy for SRC=10.0.1.0.0000 DST=192.168.104.0.0000, SRCMask=255.255.255.0, DSTMask=255.255.255.0, Prot=0 InTunnelEndpt 268a8c0 OutTunnelEndpt 25f94746
5-05: 06:29:53:453:b8c Failed to get TunnelPolicy 13015
5-05: 06:29:53:453:b8c Responder failed to match filter(Phase II) 13015
5-05: 06:29:53:453:b8c Data Protection Mode (Quick Mode)
5-05: 06:29:53:453:b8c Source IP Address 192.168.104.0  Source IP Address Mask 255.255.255.0  Destination IP Address 10.0.1.0  Destination IP Address Mask 255.255.255.0  Protocol 0  Source Port 0  Destination Port 0  IKE Local Addr 192.168.104.2  IKE Peer Addr 70.71.249.37  IKE Source Port 500  IKE Destination Port 500  Peer Private Addr
5-05: 06:29:53:453:b8c Preshared key ID.  Peer IP Address: 70.71.249.37
5-05: 06:29:53:453:b8c Me
5-05: 06:29:53:453:b8c No policy configured
5-05: 06:29:53:453:b8c Processed third (ID) payload  Responder.  Delta Time 0   0x0 0x0
5-05: 06:29:53:453:b8c isadb_set_status sa:040C46B0 centry:000EC558 status 3601
5-05: 06:29:53:453:b8c ProcessFailure: sa:040C46B0 centry:000EC558 status:3601
5-05: 06:29:53:453:b8c constructing ISAKMP Header
5-05: 06:29:53:453:b8c constructing HASH (null)
5-05: 06:29:53:453:b8c constructing NOTIFY 18
5-05: 06:29:53:453:b8c constructing HASH (Notify/Delete)
5-05: 06:29:53:453:b8c
5-05: 06:29:53:453:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 1.500
5-05: 06:29:53:453:b8c ISAKMP Header: (V1.0), len = 68
5-05: 06:29:53:453:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:53:453:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:53:453:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:29:53:453:b8c   flags: 1 ( encrypted )
5-05: 06:29:53:453:b8c   next payload: HASH
5-05: 06:29:53:453:b8c   message ID: 7775b781
5-05: 06:29:53:453:b8c Ports S:f401 D:f401
5-05: 06:29:58:47:b8c
5-05: 06:29:58:47:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:29:58:63:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:29:58:63:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:29:58:63:b8c   R-COOKIE 31429d86248841a7
5-05: 06:29:58:63:b8c   exchange: Oakley Quick Mode
5-05: 06:29:58:63:b8c   flags: 1 ( encrypted )
5-05: 06:29:58:63:b8c   next payload: HASH
5-05: 06:29:58:63:b8c   message ID: 68b2bf6e
5-05: 06:29:58:63:b8c Dropping Centry processing because SA status set.  SA 040C46B0 Centry 000EC558 Status 3601
5-05: 06:30:07:94:b8c
5-05: 06:30:07:94:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:30:07:94:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:30:07:94:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:30:07:94:b8c   R-COOKIE 31429d86248841a7
5-05: 06:30:07:94:b8c   exchange: Oakley Quick Mode
5-05: 06:30:07:94:b8c   flags: 1 ( encrypted )
5-05: 06:30:07:94:b8c   next payload: HASH
5-05: 06:30:07:94:b8c   message ID: 68b2bf6e
5-05: 06:30:07:94:b8c Dropping Centry processing because SA status set.  SA 040C46B0 Centry 000EC558 Status 3601
5-05: 06:30:24:94:b8c
5-05: 06:30:24:94:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:30:24:94:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:30:24:94:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:30:24:94:b8c   R-COOKIE 31429d86248841a7
5-05: 06:30:24:94:b8c   exchange: Oakley Quick Mode
5-05: 06:30:24:94:b8c   flags: 1 ( encrypted )
5-05: 06:30:24:94:b8c   next payload: HASH
5-05: 06:30:24:94:b8c   message ID: 68b2bf6e
5-05: 06:30:24:94:b8c Dropping Centry processing because SA status set.  SA 040C46B0 Centry 000EC558 Status 3601
5-05: 06:31:55:63:b8c QM Deleted. Notify from driver: Src 10.0.0.0 Dest 10.0.1.0 InSPI 531187294 OutSpi 1733239262  Tunnel 25f94746 TunnelFilter 0
5-05: 06:31:55:63:b8c srcEncapPort=62465, dstEncapPort=62465
5-05: 06:31:55:63:b8c Could not find the peer list entry
5-05: 06:31:55:63:b8c constructing ISAKMP Header
5-05: 06:31:55:63:b8c constructing HASH (null)
5-05: 06:31:55:63:b8c Construct QM Delete Spi 531187294
5-05: 06:31:55:63:b8c constructing HASH (Notify/Delete)
5-05: 06:31:55:63:b8c Not setting retransmit to downlevel client. SA 0304FC80 Centry 00000000
5-05: 06:31:55:63:b8c
5-05: 06:31:55:63:b8c Sending: SA = 0x0304FC80 to 70.71.249.37:Type 1.500
5-05: 06:31:55:63:b8c ISAKMP Header: (V1.0), len = 68
5-05: 06:31:55:63:b8c   I-COOKIE e89d9a2e991242e8
5-05: 06:31:55:63:b8c   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:31:55:63:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:31:55:63:b8c   flags: 1 ( encrypted )
5-05: 06:31:55:63:b8c   next payload: HASH
5-05: 06:31:55:63:b8c   message ID: 2663a4c8
5-05: 06:31:55:63:b8c Ports S:f401 D:f401
5-05: 06:31:55:63:b8c PrivatePeerAddr 0
5-05: 06:31:55:78:b8c
5-05: 06:31:55:78:b8c Receive: (get) SA = 0x0304fc80 from 70.71.249.37.500
5-05: 06:31:55:78:b8c ISAKMP Header: (V1.0), len = 152
5-05: 06:31:55:78:b8c   I-COOKIE e89d9a2e991242e8
5-05: 06:31:55:78:b8c   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:31:55:78:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:31:55:78:b8c   flags: 0
5-05: 06:31:55:78:b8c   next payload: NOTIFY
5-05: 06:31:55:78:b8c   message ID: 4ec5d74e
5-05: 06:31:55:78:b8c received an unencrypted packet when crypto active
5-05: 06:31:55:78:b8c GetPacket failed 35ec
5-05: 06:32:09:719:274 Acquire from driver: op=0000000D src=10.0.0.2.0 dst=10.0.1.17.0 proto = 0, SrcMask=255.255.255.0, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=70.71.249.37 Inbound TunnelEndpt=192.168.104.2
5-05: 06:32:09:719:b8c Starting Negotiation: src = 70.71.249.37.0500, dst = 192.168.104.2.0500, proto = 00, context = 0000000D, ProxySrc = 10.0.0.0.0000, ProxyDst = 10.0.1.0.0000 SrcMask = 255.255.255.0 DstMask = 255.255.255.0
5-05: 06:32:09:719:b8c QM PolicyName: ISA Server bent QM Policy dwFlags 0
5-05: 06:32:09:719:b8c QMOffer[0] LifetimeKBytes 0 LifetimeSec 28800
5-05: 06:32:09:719:b8c QMOffer[0] dwFlags 0 dwPFSGroup 2
5-05: 06:32:09:719:b8c  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:32:09:719:b8c GetSpi: src = 10.0.1.0.0000, dst = 10.0.0.0.0000, proto = 00, context = 0000000D, srcMask = 255.255.255.0, destMask = 255.255.255.0, TunnelFilter 1
5-05: 06:32:09:719:b8c Setting SPI  863052363
5-05: 06:32:09:719:b8c constructing ISAKMP Header
5-05: 06:32:09:719:b8c constructing HASH (null)
5-05: 06:32:09:719:b8c constructing SA (IPSEC)
5-05: 06:32:09:719:b8c constructing QM KE
5-05: 06:32:09:750:b8c constructing NONCE (IPSEC)
5-05: 06:32:09:750:b8c constructing ID (proxy)
5-05: 06:32:09:750:b8c constructing ID (proxy)
5-05: 06:32:09:750:b8c constructing HASH (QM)
5-05: 06:32:09:750:b8c
5-05: 06:32:09:750:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:32:09:750:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:32:09:750:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:32:09:750:b8c   R-COOKIE 31429d86248841a7
5-05: 06:32:09:750:b8c   exchange: Oakley Quick Mode
5-05: 06:32:09:750:b8c   flags: 1 ( encrypted )
5-05: 06:32:09:750:b8c   next payload: HASH
5-05: 06:32:09:750:b8c   message ID: 6bb35cc1
5-05: 06:32:09:750:b8c Ports S:f401 D:f401
5-05: 06:32:09:969:b8c
5-05: 06:32:09:969:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:32:09:969:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:32:09:969:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:32:09:969:b8c   R-COOKIE 31429d86248841a7
5-05: 06:32:09:969:b8c   exchange: Oakley Quick Mode
5-05: 06:32:09:969:b8c   flags: 1 ( encrypted )
5-05: 06:32:09:969:b8c   next payload: HASH
5-05: 06:32:09:969:b8c   message ID: 6bb35cc1
5-05: 06:32:09:969:b8c processing HASH (QM)
5-05: 06:32:09:969:b8c ClearFragList
5-05: 06:32:09:969:b8c processing payload NONCE
5-05: 06:32:09:969:b8c processing payload KE
5-05: 06:32:09:969:b8c Quick Mode KE processed; Saved KE data
5-05: 06:32:09:969:b8c processing payload ID
5-05: 06:32:09:969:b8c processing payload ID
5-05: 06:32:09:969:b8c processing payload SA
5-05: 06:32:09:969:b8c Negotiated Proxy ID: Src 10.0.0.0.0 Dst 10.0.1.0.0
5-05: 06:32:09:969:b8c Src id for subnet.  Mask 255.255.255.0
5-05: 06:32:09:969:b8c Dst id for subnet.  Mask 255.255.255.0
5-05: 06:32:09:969:b8c Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
5-05: 06:32:09:969:b8c Checking Transform # 1: ID=Triple DES CBC(3)
5-05: 06:32:09:969:b8c  SA life type in seconds
5-05: 06:32:09:985:b8c  SA life duration 28800
5-05: 06:32:09:985:b8c  group description for PFS is 2
5-05: 06:32:09:985:b8c  tunnel mode is Tunnel Mode(1)
5-05: 06:32:09:985:b8c  HMAC algorithm is SHA(2)
5-05: 06:32:09:985:b8c Phase 2 SA accepted: proposal=1 transform=1
5-05: 06:32:09:985:b8c constructing ISAKMP Header
5-05: 06:32:09:985:b8c constructing HASH (QM)
5-05: 06:32:09:985:b8c Adding QMs: src = 10.0.0.0.0000, dst = 10.0.1.0.0000, proto = 00, context = 0000000D, my tunnel = 192.168.104.2, peer tunnel = 70.71.249.37, SrcMask = 255.255.255.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 1 Direction 2 EncapType 1
5-05: 06:32:09:985:b8c  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:32:09:985:b8c  Algo[0] MySpi: 863052363 PeerSpi: 1982993647
5-05: 06:32:09:985:b8c Encap Ports Src 500 Dst 500
5-05: 06:32:09:985:b8c Skipping Outbound SA add
5-05: 06:32:09:985:b8c Adding QMs: src = 10.0.0.0.0000, dst = 10.0.1.0.0000, proto = 00, context = 0000000D, my tunnel = 192.168.104.2, peer tunnel = 70.71.249.37, SrcMask = 255.255.255.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 1 Direction 3 EncapType 1
5-05: 06:32:09:985:b8c  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:32:09:985:b8c  Algo[0] MySpi: 863052363 PeerSpi: 1982993647
5-05: 06:32:09:985:b8c Encap Ports Src 500 Dst 500
5-05: 06:32:09:985:b8c Skipping Inbound SA add
5-05: 06:32:09:985:b8c isadb_set_status sa:040C46B0 centry:000EC7C8 status 0
5-05: 06:32:09:985:b8c
5-05: 06:32:09:985:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 4.500
5-05: 06:32:09:985:b8c ISAKMP Header: (V1.0), len = 52
5-05: 06:32:09:985:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:32:09:985:b8c   R-COOKIE 31429d86248841a7
5-05: 06:32:09:985:b8c   exchange: Oakley Quick Mode
5-05: 06:32:09:985:b8c   flags: 1 ( encrypted )
5-05: 06:32:09:985:b8c   next payload: HASH
5-05: 06:32:09:985:b8c   message ID: 6bb35cc1
5-05: 06:32:09:985:b8c Ports S:f401 D:f401
5-05: 06:33:10:0:b8c CE Dead. sa:040C46B0 ce:000EC7C8 status:35ef
5-05: 06:33:18:500:b8c CE Dead. sa:040C46B0 ce:000EC558 status:35f0
5-05: 06:33:34:532:274 Acquire from driver: op=0000000E src=192.168.104.2.0 dst=10.0.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=70.71.249.37 Inbound TunnelEndpt=192.168.104.2
5-05: 06:33:34:532:b8c Starting Negotiation: src = 70.71.249.37.0500, dst = 192.168.104.2.0500, proto = 00, context = 0000000E, ProxySrc = 192.168.104.2.0000, ProxyDst = 10.0.1.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
5-05: 06:33:34:532:b8c QM PolicyName: ISA Server bent QM Policy dwFlags 0
5-05: 06:33:34:532:b8c QMOffer[0] LifetimeKBytes 0 LifetimeSec 28800
5-05: 06:33:34:532:b8c QMOffer[0] dwFlags 0 dwPFSGroup 2
5-05: 06:33:34:532:b8c  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:33:34:532:b8c GetSpi: src = 10.0.1.0.0000, dst = 192.168.104.2.0000, proto = 00, context = 0000000E, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
5-05: 06:33:34:532:b8c Setting SPI  476581175
5-05: 06:33:34:532:b8c constructing ISAKMP Header
5-05: 06:33:34:532:b8c constructing HASH (null)
5-05: 06:33:34:532:b8c constructing SA (IPSEC)
5-05: 06:33:34:532:b8c constructing QM KE
5-05: 06:33:34:563:b8c constructing NONCE (IPSEC)
5-05: 06:33:34:563:b8c constructing ID (proxy)
5-05: 06:33:34:563:b8c constructing ID (proxy)
5-05: 06:33:34:563:b8c constructing HASH (QM)
5-05: 06:33:34:563:b8c
5-05: 06:33:34:563:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:33:34:563:b8c ISAKMP Header: (V1.0), len = 292
5-05: 06:33:34:563:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:34:563:b8c   R-COOKIE 31429d86248841a7
5-05: 06:33:34:563:b8c   exchange: Oakley Quick Mode
5-05: 06:33:34:563:b8c   flags: 1 ( encrypted )
5-05: 06:33:34:563:b8c   next payload: HASH
5-05: 06:33:34:563:b8c   message ID: 6c88a847
5-05: 06:33:34:563:b8c Ports S:f401 D:f401
5-05: 06:33:34:782:b8c
5-05: 06:33:34:782:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:33:34:782:b8c ISAKMP Header: (V1.0), len = 108
5-05: 06:33:34:782:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:34:782:b8c   R-COOKIE 31429d86248841a7
5-05: 06:33:34:782:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:33:34:782:b8c   flags: 1 ( encrypted )
5-05: 06:33:34:782:b8c   next payload: HASH
5-05: 06:33:34:782:b8c   message ID: 47e21700
5-05: 06:33:34:782:b8c processing HASH (Notify/Delete)
5-05: 06:33:34:782:b8c processing payload NOTIFY
5-05: 06:33:34:782:b8c notify: NO-PROPOSAL-CHOSEN
5-05: 06:33:34:782:b8c isadb_set_status sa:040C46B0 centry:00000000 status 35ea
5-05: 06:33:35:407:27c retransmit: sa = 040C46B0 centry 000ECA38 , count = 1
5-05: 06:33:35:407:27c
5-05: 06:33:35:407:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:33:35:407:27c ISAKMP Header: (V1.0), len = 292
5-05: 06:33:35:407:27c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:35:407:27c   R-COOKIE 31429d86248841a7
5-05: 06:33:35:407:27c   exchange: Oakley Quick Mode
5-05: 06:33:35:407:27c   flags: 1 ( encrypted )
5-05: 06:33:35:407:27c   next payload: HASH
5-05: 06:33:35:407:27c   message ID: 6c88a847
5-05: 06:33:35:407:27c Ports S:f401 D:f401
5-05: 06:33:35:610:b8c
5-05: 06:33:35:610:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:33:35:610:b8c ISAKMP Header: (V1.0), len = 108
5-05: 06:33:35:610:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:35:610:b8c   R-COOKIE 31429d86248841a7
5-05: 06:33:35:610:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:33:35:610:b8c   flags: 1 ( encrypted )
5-05: 06:33:35:610:b8c   next payload: HASH
5-05: 06:33:35:610:b8c   message ID: 518e06b6
5-05: 06:33:35:610:b8c processing HASH (Notify/Delete)
5-05: 06:33:35:610:b8c processing payload NOTIFY
5-05: 06:33:35:610:b8c notify: NO-PROPOSAL-CHOSEN
5-05: 06:33:37:407:27c retransmit: sa = 040C46B0 centry 000ECA38 , count = 2
5-05: 06:33:37:407:27c
5-05: 06:33:37:407:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:33:37:407:27c ISAKMP Header: (V1.0), len = 292
5-05: 06:33:37:407:27c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:37:407:27c   R-COOKIE 31429d86248841a7
5-05: 06:33:37:407:27c   exchange: Oakley Quick Mode
5-05: 06:33:37:407:27c   flags: 1 ( encrypted )
5-05: 06:33:37:407:27c   next payload: HASH
5-05: 06:33:37:407:27c   message ID: 6c88a847
5-05: 06:33:37:407:27c Ports S:f401 D:f401
5-05: 06:33:41:407:27c retransmit: sa = 040C46B0 centry 000ECA38 , count = 3
5-05: 06:33:41:407:27c
5-05: 06:33:41:407:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:33:41:407:27c ISAKMP Header: (V1.0), len = 292
5-05: 06:33:41:407:27c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:41:407:27c   R-COOKIE 31429d86248841a7
5-05: 06:33:41:407:27c   exchange: Oakley Quick Mode
5-05: 06:33:41:407:27c   flags: 1 ( encrypted )
5-05: 06:33:41:407:27c   next payload: HASH
5-05: 06:33:41:407:27c   message ID: 6c88a847
5-05: 06:33:41:407:27c Ports S:f401 D:f401
5-05: 06:33:49:407:27c retransmit: sa = 040C46B0 centry 000ECA38 , count = 4
5-05: 06:33:49:407:27c
5-05: 06:33:49:407:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:33:49:407:27c ISAKMP Header: (V1.0), len = 292
5-05: 06:33:49:407:27c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:49:407:27c   R-COOKIE 31429d86248841a7
5-05: 06:33:49:407:27c   exchange: Oakley Quick Mode
5-05: 06:33:49:407:27c   flags: 1 ( encrypted )
5-05: 06:33:49:407:27c   next payload: HASH
5-05: 06:33:49:407:27c   message ID: 6c88a847
5-05: 06:33:49:407:27c Ports S:f401 D:f401
5-05: 06:33:54:157:b8c
5-05: 06:33:54:157:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:33:54:157:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:33:54:157:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:54:157:b8c   R-COOKIE 31429d86248841a7
5-05: 06:33:54:157:b8c   exchange: Oakley Quick Mode
5-05: 06:33:54:157:b8c   flags: 1 ( encrypted )
5-05: 06:33:54:157:b8c   next payload: HASH
5-05: 06:33:54:157:b8c   message ID: b9f637fc
5-05: 06:33:54:157:b8c processing HASH (QM)
5-05: 06:33:54:157:b8c ClearFragList
5-05: 06:33:54:157:b8c processing payload NONCE
5-05: 06:33:54:157:b8c processing payload KE
5-05: 06:33:54:157:b8c Quick Mode KE processed; Saved KE data
5-05: 06:33:54:157:b8c processing payload ID
5-05: 06:33:54:157:b8c processing payload ID
5-05: 06:33:54:157:b8c processing payload SA
5-05: 06:33:54:157:b8c Negotiated Proxy ID: Src 10.0.1.0.0 Dst 192.168.104.0.0
5-05: 06:33:54:157:b8c Src id for subnet.  Mask 255.255.255.0
5-05: 06:33:54:157:b8c Dst id for subnet.  Mask 255.255.255.0
5-05: 06:33:54:157:b8c Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
5-05: 06:33:54:157:b8c Checking Transform # 1: ID=Triple DES CBC(3)
5-05: 06:33:54:157:b8c  SA life type in seconds
5-05: 06:33:54:157:b8c  SA life duration 28800
5-05: 06:33:54:157:b8c  group description for PFS is 2
5-05: 06:33:54:157:b8c  tunnel mode is Tunnel Mode(1)
5-05: 06:33:54:157:b8c  HMAC algorithm is SHA(2)
5-05: 06:33:54:157:b8c Finding Responder Policy for SRC=10.0.1.0.0000 DST=192.168.104.0.0000, SRCMask=255.255.255.0, DSTMask=255.255.255.0, Prot=0 InTunnelEndpt 268a8c0 OutTunnelEndpt 25f94746
5-05: 06:33:54:157:b8c Failed to get TunnelPolicy 13015
5-05: 06:33:54:157:b8c Responder failed to match filter(Phase II) 13015
5-05: 06:33:54:157:b8c Data Protection Mode (Quick Mode)
5-05: 06:33:54:157:b8c Source IP Address 192.168.104.0  Source IP Address Mask 255.255.255.0  Destination IP Address 10.0.1.0  Destination IP Address Mask 255.255.255.0  Protocol 0  Source Port 0  Destination Port 0  IKE Local Addr 192.168.104.2  IKE Peer Addr 70.71.249.37  IKE Source Port 500  IKE Destination Port 500  Peer Private Addr
5-05: 06:33:54:157:b8c Preshared key ID.  Peer IP Address: 70.71.249.37
5-05: 06:33:54:157:b8c Me
5-05: 06:33:54:157:b8c No policy configured
5-05: 06:33:54:157:b8c Processed third (ID) payload  Responder.  Delta Time 0   0x0 0x0
5-05: 06:33:54:157:b8c isadb_set_status sa:040C46B0 centry:000EC7C8 status 3601
5-05: 06:33:54:157:b8c ProcessFailure: sa:040C46B0 centry:000EC7C8 status:3601
5-05: 06:33:54:157:b8c constructing ISAKMP Header
5-05: 06:33:54:157:b8c constructing HASH (null)
5-05: 06:33:54:157:b8c constructing NOTIFY 18
5-05: 06:33:54:157:b8c constructing HASH (Notify/Delete)
5-05: 06:33:54:157:b8c
5-05: 06:33:54:157:b8c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 1.500
5-05: 06:33:54:157:b8c ISAKMP Header: (V1.0), len = 68
5-05: 06:33:54:157:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:54:157:b8c   R-COOKIE 31429d86248841a7
5-05: 06:33:54:157:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:33:54:157:b8c   flags: 1 ( encrypted )
5-05: 06:33:54:157:b8c   next payload: HASH
5-05: 06:33:54:157:b8c   message ID: 67f7d20a
5-05: 06:33:54:157:b8c Ports S:f401 D:f401
5-05: 06:33:59:47:b8c
5-05: 06:33:59:47:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:33:59:47:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:33:59:47:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:33:59:47:b8c   R-COOKIE 31429d86248841a7
5-05: 06:33:59:47:b8c   exchange: Oakley Quick Mode
5-05: 06:33:59:47:b8c   flags: 1 ( encrypted )
5-05: 06:33:59:47:b8c   next payload: HASH
5-05: 06:33:59:47:b8c   message ID: b9f637fc
5-05: 06:33:59:47:b8c Dropping Centry processing because SA status set.  SA 040C46B0 Centry 000EC7C8 Status 3601
5-05: 06:34:03:532:b8c CE Dead. sa:040C46B0 ce:000EC7C8 status:35f0
5-05: 06:34:05:422:27c retransmit: sa = 040C46B0 centry 000ECA38 , count = 5
5-05: 06:34:05:422:27c
5-05: 06:34:05:422:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 2.500
5-05: 06:34:05:422:27c ISAKMP Header: (V1.0), len = 292
5-05: 06:34:05:422:27c   I-COOKIE d2ec2ac31a813d53
5-05: 06:34:05:422:27c   R-COOKIE 31429d86248841a7
5-05: 06:34:05:422:27c   exchange: Oakley Quick Mode
5-05: 06:34:05:422:27c   flags: 1 ( encrypted )
5-05: 06:34:05:422:27c   next payload: HASH
5-05: 06:34:05:422:27c   message ID: 6c88a847
5-05: 06:34:05:422:27c Ports S:f401 D:f401
5-05: 06:34:08:94:b8c
5-05: 06:34:08:94:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:34:08:94:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:34:08:94:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:34:08:94:b8c   R-COOKIE 31429d86248841a7
5-05: 06:34:08:94:b8c   exchange: Oakley Quick Mode
5-05: 06:34:08:94:b8c   flags: 1 ( encrypted )
5-05: 06:34:08:94:b8c   next payload: HASH
5-05: 06:34:08:94:b8c   message ID: b9f637fc
5-05: 06:34:08:94:b8c unable to create connection entry 35ec
5-05: 06:34:08:94:b8c GetCentry failed 35ec
5-05: 06:34:08:94:b8c ProcessFailure: sa:040C46B0 centry:0124FCA0 status:35ec
5-05: 06:34:08:94:b8c Not creating notify.
5-05: 06:34:25:141:b8c
5-05: 06:34:25:141:b8c Receive: (get) SA = 0x040c46b0 from 70.71.249.37.500
5-05: 06:34:25:141:b8c ISAKMP Header: (V1.0), len = 300
5-05: 06:34:25:141:b8c   I-COOKIE d2ec2ac31a813d53
5-05: 06:34:25:141:b8c   R-COOKIE 31429d86248841a7
5-05: 06:34:25:141:b8c   exchange: Oakley Quick Mode
5-05: 06:34:25:141:b8c   flags: 1 ( encrypted )
5-05: 06:34:25:141:b8c   next payload: HASH
5-05: 06:34:25:141:b8c   message ID: b9f637fc
5-05: 06:34:25:141:b8c unable to create connection entry 35ec
5-05: 06:34:25:141:b8c GetCentry failed 35ec
5-05: 06:34:25:141:b8c ProcessFailure: sa:040C46B0 centry:0124FCA0 status:35ec
5-05: 06:34:25:141:b8c Not creating notify.
5-05: 06:34:37:422:27c retransmit exhausted: sa = 040C46B0 centry 000ECA38, count = 6
5-05: 06:34:37:422:27c SA Dead. sa:040C46B0 status:35f0
5-05: 06:34:37:422:27c CE Dead. sa:040C46B0 ce:000ECA38 status:35f0
5-05: 06:34:37:422:27c Data Protection Mode (Quick Mode)
5-05: 06:34:37:422:27c Source IP Address 192.168.104.2  Source IP Address Mask 255.255.255.255  Destination IP Address 10.0.1.0  Destination IP Address Mask 255.255.255.0  Protocol 0  Source Port 0  Destination Port 0  IKE Local Addr 192.168.104.2  IKE Peer Addr 70.71.249.37  IKE Source Port 500  IKE Destination Port 500  Peer Private Addr
5-05: 06:34:37:422:27c Preshared key ID.  Peer IP Address: 70.71.249.37
5-05: 06:34:37:422:27c Me
5-05: 06:34:37:422:27c IKE SA deleted before establishment completed
5-05: 06:34:37:422:27c Processed third (ID) payload  Initiator.  Delta Time 63   0x0 0x0
5-05: 06:34:37:422:27c isadb_set_status sa:040C46B0 centry:000ECA38 status 35f0
5-05: 06:34:37:422:27c Re-initiating SA SRC=268a8c0 DST=1000a
5-05: 06:34:37:422:27c Internal Acquire: op=0000000E src=192.168.104.2.0 dst=10.0.1.0.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=70.71.249.37 Inbound TunnelEndpt=192.168.104.2, InitiateEvent=00000000, IKE SrcPort=500 IKE DstPort=500
5-05: 06:34:37:422:27c constructing ISAKMP Header
5-05: 06:34:37:422:27c constructing HASH (null)
5-05: 06:34:37:422:27c constructing DELETE. MM 040C46B0
5-05: 06:34:37:422:27c constructing HASH (Notify/Delete)
5-05: 06:34:37:422:27c Not setting retransmit to downlevel client. SA 040C46B0 Centry 00000000
5-05: 06:34:37:422:27c
5-05: 06:34:37:422:27c Sending: SA = 0x040C46B0 to 70.71.249.37:Type 1.500
5-05: 06:34:37:422:27c ISAKMP Header: (V1.0), len = 84
5-05: 06:34:37:422:27c   I-COOKIE d2ec2ac31a813d53
5-05: 06:34:37:422:27c   R-COOKIE 31429d86248841a7
5-05: 06:34:37:422:27c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:422:27c   flags: 1 ( encrypted )
5-05: 06:34:37:422:27c   next payload: HASH
5-05: 06:34:37:422:27c   message ID: 7ad0eddf
5-05: 06:34:37:422:27c Ports S:f401 D:f401
5-05: 06:34:37:422:27c SA Dead. sa:0304FC80 status:35f0
5-05: 06:34:37:422:27c isadb_set_status sa:0304FC80 centry:00000000 status 35f0
5-05: 06:34:37:422:27c constructing ISAKMP Header
5-05: 06:34:37:422:27c constructing HASH (null)
5-05: 06:34:37:422:27c constructing DELETE. MM 0304FC80
5-05: 06:34:37:422:27c constructing HASH (Notify/Delete)
5-05: 06:34:37:422:27c Not setting retransmit to downlevel client. SA 0304FC80 Centry 00000000
5-05: 06:34:37:422:27c
5-05: 06:34:37:422:27c Sending: SA = 0x0304FC80 to 70.71.249.37:Type 1.500
5-05: 06:34:37:422:27c ISAKMP Header: (V1.0), len = 84
5-05: 06:34:37:422:27c   I-COOKIE e89d9a2e991242e8
5-05: 06:34:37:422:27c   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:34:37:422:27c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:422:27c   flags: 1 ( encrypted )
5-05: 06:34:37:422:27c   next payload: HASH
5-05: 06:34:37:422:27c   message ID: 4bae27ca
5-05: 06:34:37:422:27c Ports S:f401 D:f401
5-05: 06:34:37:422:27c SA Dead. sa:0304F918 status:35f0
5-05: 06:34:37:422:27c isadb_set_status sa:0304F918 centry:00000000 status 35f0
5-05: 06:34:37:422:27c constructing ISAKMP Header
5-05: 06:34:37:422:27c constructing HASH (null)
5-05: 06:34:37:422:27c constructing DELETE. MM 0304F918
5-05: 06:34:37:422:27c constructing HASH (Notify/Delete)
5-05: 06:34:37:422:27c Not setting retransmit to downlevel client. SA 0304F918 Centry 00000000
5-05: 06:34:37:422:27c
5-05: 06:34:37:422:27c Sending: SA = 0x0304F918 to 70.71.249.37:Type 1.500
5-05: 06:34:37:422:27c ISAKMP Header: (V1.0), len = 84
5-05: 06:34:37:422:27c   I-COOKIE ec9ae0e59b7bd105
5-05: 06:34:37:422:27c   R-COOKIE 3784864df834ac9c
5-05: 06:34:37:422:27c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:422:27c   flags: 1 ( encrypted )
5-05: 06:34:37:422:27c   next payload: HASH
5-05: 06:34:37:422:27c   message ID: 3a81db0b
5-05: 06:34:37:422:27c Ports S:f401 D:f401
5-05: 06:34:37:422:27c SA Dead. sa:0304F248 status:35f0
5-05: 06:34:37:422:27c isadb_set_status sa:0304F248 centry:00000000 status 35f0
5-05: 06:34:37:422:27c constructing ISAKMP Header
5-05: 06:34:37:422:27c constructing HASH (null)
5-05: 06:34:37:422:27c constructing DELETE. MM 0304F248
5-05: 06:34:37:422:27c constructing HASH (Notify/Delete)
5-05: 06:34:37:422:27c Not setting retransmit to downlevel client. SA 0304F248 Centry 00000000
5-05: 06:34:37:422:27c
5-05: 06:34:37:422:27c Sending: SA = 0x0304F248 to 70.71.249.37:Type 1.500
5-05: 06:34:37:422:27c ISAKMP Header: (V1.0), len = 84
5-05: 06:34:37:422:27c   I-COOKIE 81520543693d912a
5-05: 06:34:37:422:27c   R-COOKIE c710b4606340d1aa
5-05: 06:34:37:422:27c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:422:27c   flags: 1 ( encrypted )
5-05: 06:34:37:422:27c   next payload: HASH
5-05: 06:34:37:422:27c   message ID: eb8c5add
5-05: 06:34:37:422:27c Ports S:f401 D:f401
5-05: 06:34:37:422:27c SA Dead. sa:0304F5B0 status:35f0
5-05: 06:34:37:422:27c isadb_set_status sa:0304F5B0 centry:00000000 status 35f0
5-05: 06:34:37:422:27c constructing ISAKMP Header
5-05: 06:34:37:422:27c constructing HASH (null)
5-05: 06:34:37:422:27c constructing DELETE. MM 0304F5B0
5-05: 06:34:37:422:27c constructing HASH (Notify/Delete)
5-05: 06:34:37:422:27c Not setting retransmit to downlevel client. SA 0304F5B0 Centry 00000000
5-05: 06:34:37:422:27c
5-05: 06:34:37:422:27c Sending: SA = 0x0304F5B0 to 70.71.249.37:Type 1.500
5-05: 06:34:37:422:27c ISAKMP Header: (V1.0), len = 84
5-05: 06:34:37:422:27c   I-COOKIE 50b0def5cc8ec754
5-05: 06:34:37:422:27c   R-COOKIE 3eeb718bcc48242c
5-05: 06:34:37:422:27c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:422:27c   flags: 1 ( encrypted )
5-05: 06:34:37:422:27c   next payload: HASH
5-05: 06:34:37:422:27c   message ID: 2191ea1e
5-05: 06:34:37:422:27c Ports S:f401 D:f401
5-05: 06:34:37:422:b8c Filter to match: Src 70.71.249.37 Dst 192.168.104.2
5-05: 06:34:37:422:b8c MM PolicyName: ISA Server bent MM Policy
5-05: 06:34:37:422:b8c MMPolicy dwFlags 0 SoftSAExpireTime 28800
5-05: 06:34:37:422:b8c MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
5-05: 06:34:37:422:b8c MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
5-05: 06:34:37:422:b8c Auth[0]:PresharedKey KeyLen 30
5-05: 06:34:37:422:b8c QM PolicyName: ISA Server bent QM Policy dwFlags 0
5-05: 06:34:37:422:b8c QMOffer[0] LifetimeKBytes 0 LifetimeSec 28800
5-05: 06:34:37:422:b8c QMOffer[0] dwFlags 0 dwPFSGroup 2
5-05: 06:34:37:422:b8c  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:34:37:422:b8c Starting Negotiation: src = 192.168.104.2.0500, dst = 70.71.249.37.0500, proto = 00, context = 0000000E, ProxySrc = 192.168.104.2.0000, ProxyDst = 10.0.1.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
5-05: 06:34:37:422:b8c constructing ISAKMP Header
5-05: 06:34:37:422:b8c constructing SA (ISAKMP)
5-05: 06:34:37:422:b8c Constructing Vendor MS NT5 ISAKMPOAKLEY
5-05: 06:34:37:422:b8c Constructing Vendor FRAGMENTATION
5-05: 06:34:37:422:b8c Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
5-05: 06:34:37:422:b8c
5-05: 06:34:37:422:b8c Sending: SA = 0x040C4A18 to 70.71.249.37:Type 2.500
5-05: 06:34:37:422:b8c ISAKMP Header: (V1.0), len = 148
5-05: 06:34:37:422:b8c   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:422:b8c   R-COOKIE 0000000000000000
5-05: 06:34:37:422:b8c   exchange: Oakley Main Mode
5-05: 06:34:37:422:b8c   flags: 0
5-05: 06:34:37:422:b8c   next payload: SA
5-05: 06:34:37:422:b8c   message ID: 00000000
5-05: 06:34:37:422:b8c Ports S:f401 D:f401
5-05: 06:34:37:438:b8c
5-05: 06:34:37:438:b8c Receive: (get) SA = 0x0304fc80 from 70.71.249.37.500
5-05: 06:34:37:438:b8c ISAKMP Header: (V1.0), len = 168
5-05: 06:34:37:438:b8c   I-COOKIE e89d9a2e991242e8
5-05: 06:34:37:438:b8c   R-COOKIE 3dbd483c0ce84bb6
5-05: 06:34:37:438:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:438:b8c   flags: 0
5-05: 06:34:37:438:b8c   next payload: NOTIFY
5-05: 06:34:37:438:b8c   message ID: 1c4d7277
5-05: 06:34:37:438:b8c received an unencrypted packet when crypto active
5-05: 06:34:37:438:b8c GetPacket failed 35ec
5-05: 06:34:37:438:b8c
5-05: 06:34:37:438:b8c Receive: (get) SA = 0x0304f918 from 70.71.249.37.500
5-05: 06:34:37:438:b8c ISAKMP Header: (V1.0), len = 168
5-05: 06:34:37:438:b8c   I-COOKIE ec9ae0e59b7bd105
5-05: 06:34:37:438:b8c   R-COOKIE 3784864df834ac9c
5-05: 06:34:37:438:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:438:b8c   flags: 0
5-05: 06:34:37:438:b8c   next payload: NOTIFY
5-05: 06:34:37:438:b8c   message ID: 49199d52
5-05: 06:34:37:438:b8c received an unencrypted packet when crypto active
5-05: 06:34:37:438:b8c GetPacket failed 35ec
5-05: 06:34:37:453:b8c
5-05: 06:34:37:453:b8c Receive: (get) SA = 0x0304f5b0 from 70.71.249.37.500
5-05: 06:34:37:453:b8c ISAKMP Header: (V1.0), len = 168
5-05: 06:34:37:453:b8c   I-COOKIE 50b0def5cc8ec754
5-05: 06:34:37:453:b8c   R-COOKIE 3eeb718bcc48242c
5-05: 06:34:37:453:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:453:b8c   flags: 0
5-05: 06:34:37:453:b8c   next payload: NOTIFY
5-05: 06:34:37:453:b8c   message ID: 1eaadd00
5-05: 06:34:37:453:b8c received an unencrypted packet when crypto active
5-05: 06:34:37:453:b8c GetPacket failed 35ec
5-05: 06:34:37:453:b8c
5-05: 06:34:37:453:b8c Receive: (get) SA = 0x040c4a18 from 70.71.249.37.500
5-05: 06:34:37:453:b8c ISAKMP Header: (V1.0), len = 80
5-05: 06:34:37:453:b8c   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:453:b8c   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:453:b8c   exchange: Oakley Main Mode
5-05: 06:34:37:453:b8c   flags: 0
5-05: 06:34:37:453:b8c   next payload: SA
5-05: 06:34:37:453:b8c   message ID: 00000000
5-05: 06:34:37:453:b8c processing payload SA
5-05: 06:34:37:453:b8c Received Phase 1 Transform 1
5-05: 06:34:37:453:b8c      Encryption Alg Triple DES CBC(5)
5-05: 06:34:37:453:b8c      Hash Alg SHA(2)
5-05: 06:34:37:453:b8c      Oakley Group 2
5-05: 06:34:37:453:b8c      Auth Method Preshared Key(1)
5-05: 06:34:37:453:b8c      Life type in Seconds
5-05: 06:34:37:453:b8c      Life duration of 28800
5-05: 06:34:37:453:b8c Phase 1 SA accepted: transform=1
5-05: 06:34:37:453:b8c SA - Oakley proposal accepted
5-05: 06:34:37:453:b8c ClearFragList
5-05: 06:34:37:453:b8c constructing ISAKMP Header
5-05: 06:34:37:485:b8c constructing KE
5-05: 06:34:37:485:b8c constructing NONCE (ISAKMP)
5-05: 06:34:37:485:b8c
5-05: 06:34:37:485:b8c Sending: SA = 0x040C4A18 to 70.71.249.37:Type 2.500
5-05: 06:34:37:485:b8c ISAKMP Header: (V1.0), len = 184
5-05: 06:34:37:485:b8c   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:485:b8c   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:485:b8c   exchange: Oakley Main Mode
5-05: 06:34:37:485:b8c   flags: 0
5-05: 06:34:37:485:b8c   next payload: KE
5-05: 06:34:37:485:b8c   message ID: 00000000
5-05: 06:34:37:485:b8c Ports S:f401 D:f401
5-05: 06:34:37:485:b8c
5-05: 06:34:37:485:b8c Receive: (get) SA = 0x0304f248 from 70.71.249.37.500
5-05: 06:34:37:485:b8c ISAKMP Header: (V1.0), len = 168
5-05: 06:34:37:485:b8c   I-COOKIE 81520543693d912a
5-05: 06:34:37:485:b8c   R-COOKIE c710b4606340d1aa
5-05: 06:34:37:485:b8c   exchange: ISAKMP Informational Exchange
5-05: 06:34:37:485:b8c   flags: 0
5-05: 06:34:37:485:b8c   next payload: NOTIFY
5-05: 06:34:37:485:b8c   message ID: 5b935008
5-05: 06:34:37:485:b8c received an unencrypted packet when crypto active
5-05: 06:34:37:485:b8c GetPacket failed 35ec
5-05: 06:34:37:688:6fc
5-05: 06:34:37:688:6fc Receive: (get) SA = 0x040c4a18 from 70.71.249.37.500
5-05: 06:34:37:688:6fc ISAKMP Header: (V1.0), len = 220
5-05: 06:34:37:688:6fc   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:688:6fc   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:688:6fc   exchange: Oakley Main Mode
5-05: 06:34:37:688:6fc   flags: 0
5-05: 06:34:37:688:6fc   next payload: KE
5-05: 06:34:37:688:6fc   message ID: 00000000
5-05: 06:34:37:688:6fc processing payload KE
5-05: 06:34:37:703:6fc processing payload NONCE
5-05: 06:34:37:703:6fc processing payload VENDOR ID
5-05: 06:34:37:703:6fc processing payload VENDOR ID
5-05: 06:34:37:703:6fc processing payload VENDOR ID
5-05: 06:34:37:703:6fc ClearFragList
5-05: 06:34:37:703:6fc constructing ISAKMP Header
5-05: 06:34:37:703:6fc constructing ID
5-05: 06:34:37:703:6fc MM ID Type 1
5-05: 06:34:37:703:6fc MM ID c0a86802
5-05: 06:34:37:703:6fc constructing HASH
5-05: 06:34:37:703:6fc
5-05: 06:34:37:703:6fc Sending: SA = 0x040C4A18 to 70.71.249.37:Type 2.500
5-05: 06:34:37:703:6fc ISAKMP Header: (V1.0), len = 68
5-05: 06:34:37:703:6fc   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:703:6fc   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:703:6fc   exchange: Oakley Main Mode
5-05: 06:34:37:703:6fc   flags: 1 ( encrypted )
5-05: 06:34:37:703:6fc   next payload: ID
5-05: 06:34:37:703:6fc   message ID: 00000000
5-05: 06:34:37:703:6fc Ports S:f401 D:f401
5-05: 06:34:37:719:6fc
5-05: 06:34:37:719:6fc Receive: (get) SA = 0x040c4a18 from 70.71.249.37.500
5-05: 06:34:37:719:6fc ISAKMP Header: (V1.0), len = 68
5-05: 06:34:37:719:6fc   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:719:6fc   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:719:6fc   exchange: Oakley Main Mode
5-05: 06:34:37:719:6fc   flags: 1 ( encrypted )
5-05: 06:34:37:719:6fc   next payload: ID
5-05: 06:34:37:719:6fc   message ID: 00000000
5-05: 06:34:37:719:6fc processing payload ID
5-05: 06:34:37:719:6fc processing payload HASH
5-05: 06:34:37:719:6fc AUTH: Phase I authentication accepted
5-05: 06:34:37:719:6fc ClearFragList
5-05: 06:34:37:719:6fc MM established.  SA: 040C4A18
5-05: 06:34:37:719:6fc QM PolicyName: ISA Server bent QM Policy dwFlags 0
5-05: 06:34:37:719:6fc QMOffer[0] LifetimeKBytes 0 LifetimeSec 28800
5-05: 06:34:37:719:6fc QMOffer[0] dwFlags 0 dwPFSGroup 2
5-05: 06:34:37:719:6fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:34:37:719:6fc GetSpi: src = 10.0.1.0.0000, dst = 192.168.104.2.0000, proto = 00, context = 0000000E, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
5-05: 06:34:37:719:6fc Setting SPI  476581175
5-05: 06:34:37:719:6fc constructing ISAKMP Header
5-05: 06:34:37:719:6fc constructing HASH (null)
5-05: 06:34:37:719:6fc constructing SA (IPSEC)
5-05: 06:34:37:719:6fc constructing QM KE
5-05: 06:34:37:750:6fc constructing NONCE (IPSEC)
5-05: 06:34:37:750:6fc constructing ID (proxy)
5-05: 06:34:37:750:6fc constructing ID (proxy)
5-05: 06:34:37:750:6fc constructing HASH (QM)
5-05: 06:34:37:750:6fc
5-05: 06:34:37:750:6fc Sending: SA = 0x040C4A18 to 70.71.249.37:Type 2.500
5-05: 06:34:37:750:6fc ISAKMP Header: (V1.0), len = 292
5-05: 06:34:37:750:6fc   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:750:6fc   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:750:6fc   exchange: Oakley Quick Mode
5-05: 06:34:37:750:6fc   flags: 1 ( encrypted )
5-05: 06:34:37:750:6fc   next payload: HASH
5-05: 06:34:37:750:6fc   message ID: d44d4746
5-05: 06:34:37:750:6fc Ports S:f401 D:f401
5-05: 06:34:37:969:6fc
5-05: 06:34:37:969:6fc Receive: (get) SA = 0x040c4a18 from 70.71.249.37.500
5-05: 06:34:37:969:6fc ISAKMP Header: (V1.0), len = 292
5-05: 06:34:37:969:6fc   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:969:6fc   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:969:6fc   exchange: Oakley Quick Mode
5-05: 06:34:37:969:6fc   flags: 1 ( encrypted )
5-05: 06:34:37:969:6fc   next payload: HASH
5-05: 06:34:37:969:6fc   message ID: d44d4746
5-05: 06:34:37:969:6fc processing HASH (QM)
5-05: 06:34:37:969:6fc ClearFragList
5-05: 06:34:37:969:6fc processing payload NONCE
5-05: 06:34:37:969:6fc processing payload KE
5-05: 06:34:37:969:6fc Quick Mode KE processed; Saved KE data
5-05: 06:34:37:969:6fc processing payload ID
5-05: 06:34:37:969:6fc processing payload ID
5-05: 06:34:37:969:6fc processing payload SA
5-05: 06:34:37:969:6fc Negotiated Proxy ID: Src 192.168.104.2.0 Dst 10.0.1.0.0
5-05: 06:34:37:969:6fc Dst id for subnet.  Mask 255.255.255.0
5-05: 06:34:37:969:6fc Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
5-05: 06:34:37:969:6fc Checking Transform # 1: ID=Triple DES CBC(3)
5-05: 06:34:37:969:6fc  SA life type in seconds
5-05: 06:34:37:969:6fc  SA life duration 28800
5-05: 06:34:37:969:6fc  group description for PFS is 2
5-05: 06:34:37:969:6fc  tunnel mode is Tunnel Mode(1)
5-05: 06:34:37:969:6fc  HMAC algorithm is SHA(2)
5-05: 06:34:37:969:6fc Phase 2 SA accepted: proposal=1 transform=1
5-05: 06:34:37:969:6fc constructing ISAKMP Header
5-05: 06:34:37:969:6fc constructing HASH (QM)
5-05: 06:34:37:969:6fc Adding QMs: src = 192.168.104.2.0000, dst = 10.0.1.0.0000, proto = 00, context = 0000000E, my tunnel = 192.168.104.2, peer tunnel = 70.71.249.37, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 101 Direction 2 EncapType 1
5-05: 06:34:37:969:6fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:34:37:969:6fc  Algo[0] MySpi: 476581175 PeerSpi: 3552572149
5-05: 06:34:37:969:6fc Encap Ports Src 500 Dst 500
5-05: 06:34:37:969:6fc Skipping Outbound SA add
5-05: 06:34:37:969:6fc Adding QMs: src = 192.168.104.2.0000, dst = 10.0.1.0.0000, proto = 00, context = 0000000E, my tunnel = 192.168.104.2, peer tunnel = 70.71.249.37, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 28800 LifetimeKBytes 100000 dwFlags 101 Direction 3 EncapType 1
5-05: 06:34:37:969:6fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
5-05: 06:34:37:969:6fc  Algo[0] MySpi: 476581175 PeerSpi: 3552572149
5-05: 06:34:37:969:6fc Encap Ports Src 500 Dst 500
5-05: 06:34:37:969:6fc Skipping Inbound SA add
5-05: 06:34:37:985:6fc isadb_set_status sa:040C4A18 centry:000EC558 status 0
5-05: 06:34:37:985:6fc
5-05: 06:34:37:985:6fc Sending: SA = 0x040C4A18 to 70.71.249.37:Type 4.500
5-05: 06:34:37:985:6fc ISAKMP Header: (V1.0), len = 52
5-05: 06:34:37:985:6fc   I-COOKIE 7a82ef9c6e6d4783
5-05: 06:34:37:985:6fc   R-COOKIE 7f3d0c2b2d327641
5-05: 06:34:37:985:6fc   exchange: Oakley Quick Mode
5-05: 06:34:37:985:6fc   flags: 1 ( encrypted )
5-05: 06:34:37:985:6fc   next payload: HASH
5-05: 06:34:37:985:6fc   message ID: d44d4746
5-05: 06:34:37:985:6fc Ports S:f401 D:f401
5-05: 06:34:48:532:6fc ClearFragList
5-05: 06:34:48:532:6fc ClearFragList
5-05: 06:34:48:532:6fc ClearFragList
5-05: 06:34:48:532:6fc ClearFragList
5-05: 06:35:38:0:14f4 CE Dead. sa:040C4A18 ce:000EC558 status:35ef

(in reply to murpy)
Post #: 2
RE: VPN IPSEC (Sonicwall to ISA server) with edge route... - 5.May2006 3:56:40 PM   
murpy

 

Posts: 43
Joined: 4.Mar.2006
Status: offline
Sonicwall Logfile


0006-B121-6E6A Log (part 1) dumped to email at 2006-05-05 06:34:43
10/01/2004 07:00:00.176 - SonicWALL initializing - -
10/01/2004 07:00:03.784 - Sending DHCP REQUEST (Rebooting). - 0.0.0.0, 68 - 255.255.255.255, 67 - 70.71.249.37
10/01/2004 07:00:04.800 - SonicWALL activated - -
10/01/2004 07:00:05.624 - DHCP Client got ACK from server. - 70.71.224.1, 67 - 70.71.249.37, 68 - 70.71.249.37
10/01/2004 07:00:05.912 - ARP timeout - 0.0.0.0 - 70.71.248.1 -
10/01/2004 07:00:07.032 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0x50b0def5cc8ec754, MsgID: 0x6C612E63) (HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
10/01/2004 07:00:07.032 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0x50b0def5cc8ec754, MsgID: 0x11A4A34E) (NOTIFY:INVALID_COOKIE) - 70.71.249.37 - 70.71.207.53, 500 -
10/01/2004 07:00:22.432 - Broadcast packet dropped - 70.71.224.1, 67, WAN - 255.255.255.255, 68, LAN - Protocol:68
10/01/2004 07:00:22.448 - Interface LAN Link Is Up - -
10/01/2004 07:00:22.448 - Interface WAN Link Is Up - -
10/01/2004 07:00:26.000 - Malformed or unhandled IP packet dropped - 10.0.1.17, 0, LAN - 224.0.0.22 - IP Protocol 2
10/01/2004 07:00:26.064 - IKE Initiator: Start Main Mode negotiation (Phase 1) - 70.71.249.37, 500 - 70.71.207.53, 500 -
10/01/2004 07:00:26.064 - SENDING>>>> ISAKMP OAK MM (InitCookie 0xe89d9a2e991242e8, MsgID: 0x0) (SA) - 70.71.249.37, 500 - 70.71.207.53, 500 -
10/01/2004 07:00:26.080 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0xe89d9a2e991242e8, MsgID: 0x0) (SA, VID, VID, VID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
10/01/2004 07:00:26.176 - SENDING>>>> ISAKMP OAK MM (InitCookie 0xe89d9a2e991242e8, MsgID: 0x0) (KE, NON, VID, VID, VID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
10/01/2004 07:00:26.224 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0xe89d9a2e991242e8, MsgID: 0x0) (KE, NON) - 70.71.207.53, 500 - 70.71.249.37, 500 -
10/01/2004 07:00:26.320 - SENDING>>>> ISAKMP OAK MM (InitCookie 0xe89d9a2e991242e8, MsgID: 0x0) *(ID, HASH, NOTIFY:INITIAL_CONTACT) - 70.71.249.37, 500 - 70.71.207.53, 500 -
10/01/2004 07:00:26.336 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0xe89d9a2e991242e8, MsgID: 0x0) *(ID, HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
10/01/2004 07:00:26.336 - IKE Initiator: Main Mode complete (Phase 1) - 70.71.249.37, 500 - 70.71.207.53, 500 - 3DES SHA1 Group 2 lifeSeconds=28800
10/01/2004 07:00:26.336 - IKE Initiator: Start Quick Mode (Phase 2). - 70.71.249.37, 500 - 70.71.207.53, 500 -
10/01/2004 07:00:26.432 - SENDING>>>> ISAKMP OAK QM (InitCookie 0xe89d9a2e991242e8, MsgID: 0xC28A0249) *(HASH, SA, NON, KE, ID, ID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
10/01/2004 07:00:26.496 - Loading IPSec SA (Message ID = 0xc28a0249, Local SPI = 0x674f21de, Remote SPI = 0) - -
10/01/2004 07:00:26.496 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0xe89d9a2e991242e8, MsgID: 0xC28A0249) *(HASH, SA, KE, NON, ID, ID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
10/01/2004 07:00:26.592 - IKE Initiator: Accepting IPSec proposal (Phase 2) - 70.71.249.37 - 70.71.207.53 - 10.0.1.0/24 -> 10.0.0.0/24
10/01/2004 07:00:26.592 - IKE negotiation complete. Adding IPSec SA. (Phase 2) - 70.71.249.37 - 70.71.207.53 - ESP:3DES, HMAC_SHA1, Group 2 lifeSeconds=28800 Local SPI:0x674f21de Remote SPI:0x1fa9465e
10/01/2004 07:00:26.592 - SENDING>>>> ISAKMP OAK QM (InitCookie 0xe89d9a2e991242e8, MsgID: 0xC28A0249) *(HASH) - 70.71.249.37, 500 - 70.71.207.53, 500 -
10/01/2004 07:00:26.608 - Loading IPSec SA (Message ID = 0xc28a0249, Local SPI = 0x674f21de, Remote SPI = 0x1fa9465e) - -
10/01/2004 07:00:26.608 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0xe89d9a2e991242e8, MsgID: 0xC28A0249) *(HASH, NOTIFY:CONNECTED) - 70.71.207.53, 500 - 70.71.249.37, 500 -
10/01/2004 07:00:26.608 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xec9ae0e59b7bd105, MsgID: 0x319880E1) (HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
10/01/2004 07:00:26.608 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0xec9ae0e59b7bd105, MsgID: 0x5282856D) (NOTIFY:INVALID_COOKIE) - 70.71.249.37 - 70.71.207.53, 500 -
05/05/2006 06:26:23.240 - Broadcast packet dropped - 10.0.1.17, 0, LAN - 10.0.1.255, 46976, LAN - Protocol:138
05/05/2006 06:26:31.560 - IKE SA lifetime expired. - 70.71.249.37 - 70.71.207.53 -
05/05/2006 06:26:31.560 - IKE Initiator: Start Main Mode negotiation (Phase 1) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:31.560 - SENDING>>>> ISAKMP OAK MM (InitCookie 0x931af113c07ff9af, MsgID: 0x0) (SA) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:31.576 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0x931af113c07ff9af, MsgID: 0x0) (SA, VID, VID, VID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:26:31.656 - SENDING>>>> ISAKMP OAK MM (InitCookie 0x931af113c07ff9af, MsgID: 0x0) (KE, NON, VID, VID, VID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:31.720 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0x931af113c07ff9af, MsgID: 0x0) (KE, NON) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:26:31.816 - SENDING>>>> ISAKMP OAK MM (InitCookie 0x931af113c07ff9af, MsgID: 0x0) *(ID, HASH) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:31.832 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0x931af113c07ff9af, MsgID: 0x0) *(ID, HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:26:31.832 - IKE Initiator: Main Mode complete (Phase 1) - 70.71.249.37, 500 - 70.71.207.53, 500 - 3DES SHA1 Group 2 lifeSeconds=28800
05/05/2006 06:26:32.704 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:34.704 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:38.672 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:43.448 - Web management request allowed - 10.0.1.17, 3265, LAN - 10.0.1.1, 80, LAN - TCP Web (HTTP)
05/05/2006 06:26:46.608 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:26:50.208 - Administrator login allowed - 10.0.1.17, 0, LAN (admin) - 10.0.1.1, 80, LAN - admin, TCP Web (HTTP)
05/05/2006 06:27:02.560 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:27:16.048 - UDP packet dropped - 57.61.61.63, 13364, WAN - 70.71.249.37, 1026, WAN - UDP Port: 1026
05/05/2006 06:27:24.288 - Broadcast packet dropped - 10.0.1.17, 0, LAN (admin) - 10.0.1.255, 46976, LAN - Protocol:138
05/05/2006 06:27:34.432 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0x931af113c07ff9af, MsgID: 0xF49FF1B7) *(HASH, DEL) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:27:34.432 - Received IKE SA delete request - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:28:01.176 - TCP connection dropped - 70.71.192.252, 2496, WAN - 70.71.249.37, 445, WAN - TCP Port: 445
05/05/2006 06:28:24.304 - Broadcast packet dropped - 10.0.1.17, 0, LAN (admin) - 10.0.1.255, 46976, LAN - Protocol:138
05/05/2006 06:29:25.048 - Broadcast packet dropped - 70.71.224.1, 67, WAN - 255.255.255.255, 68, LAN - Protocol:68
05/05/2006 06:29:50.560 - IKE Initiator: Start Main Mode negotiation (Phase 1) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:29:50.560 - SENDING>>>> ISAKMP OAK MM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x0) (SA) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:29:50.576 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x0) (SA, VID, VID, VID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:29:50.672 - SENDING>>>> ISAKMP OAK MM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x0) (KE, NON, VID, VID, VID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:29:50.720 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x0) (KE, NON) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:29:50.816 - SENDING>>>> ISAKMP OAK MM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x0) *(ID, HASH) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:29:50.832 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x0) *(ID, HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:29:50.832 - IKE Initiator: Main Mode complete (Phase 1) - 70.71.249.37, 500 - 70.71.207.53, 500 - 3DES SHA1 Group 2 lifeSeconds=28800
05/05/2006 06:29:50.832 - IKE Initiator: Start Quick Mode (Phase 2). - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:29:50.928 - SENDING>>>> ISAKMP OAK QM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x68B2BF6E) *(HASH, SA, NON, KE, ID, ID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:29:51.000 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x7775B781) *(HASH, NOTIFY:INVALID_ID_INFO) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:29:51.000 - Received notify: INVALID_ID_INFO - 70.71.207.53 - 70.71.249.37 -
05/05/2006 06:29:55.560 - Loading IPSec SA (Message ID = 0x68b2bf6e, Local SPI = 0xf1910ba3, Remote SPI = 0) - -
05/05/2006 06:30:04.560 - Loading IPSec SA (Message ID = 0x68b2bf6e, Local SPI = 0xf1910ba3, Remote SPI = 0) - -
05/05/2006 06:30:20.368 - TCP connection dropped - 70.71.97.248, 1805, WAN - 70.71.249.37, 135, WAN - TCP Port: 135
05/05/2006 06:30:21.560 - Loading IPSec SA (Message ID = 0x68b2bf6e, Local SPI = 0xf1910ba3, Remote SPI = 0) - -
05/05/2006 06:30:48.752 - Broadcast packet dropped - 70.71.224.1, 67, WAN - 255.255.255.255, 68, LAN - Protocol:68
05/05/2006 06:30:55.560 - DNS packet allowed - 10.0.1.1, 1035, LAN - 64.59.144.16, 53, WAN - UDP Port: 53
05/05/2006 06:31:29.768 - TCP connection dropped - 70.71.192.252, 1639, WAN - 70.71.249.37, 445, WAN - TCP Port: 445
05/05/2006 06:31:52.240 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xe89d9a2e991242e8, MsgID: 0x2663A4C8) (HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:31:52.240 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0xe89d9a2e991242e8, MsgID: 0x4EC5D74E) (NOTIFY:INVALID_COOKIE) - 70.71.249.37 - 70.71.207.53, 500 -
05/05/2006 06:31:54.048 - Broadcast packet dropped - 70.71.224.1, 67, WAN - 255.255.255.255, 68, LAN - Protocol:68
05/05/2006 06:32:06.816 - IKE Responder: Received Quick Mode Request (Phase 2) - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:32:06.816 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x6BB35CC1) *(HASH, SA, KE, NON, ID, ID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:32:07.064 - SENDING>>>> ISAKMP OAK QM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x6BB35CC1) *(HASH, SA, NON, KE, ID, ID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:32:07.096 - Loading IPSec SA (Message ID = 0x6bb35cc1, Local SPI = 0x763214ef, Remote SPI = 0x3371224b) - -
05/05/2006 06:32:07.096 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x6BB35CC1) *(HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:32:07.096 - IKE Responder: Accepting IPSec proposal (Phase 2) - 70.71.207.53 - 70.71.249.37 - 10.0.0.0/24 -> 10.0.1.0/24
05/05/2006 06:32:07.096 - IKE negotiation complete. Adding IPSec SA. (Phase 2) - 70.71.249.37 - 70.71.207.53 - ESP:3DES, HMAC_SHA1, Group 2 lifeSeconds=28800 Local SPI:0x763214ef Remote SPI:0x3371224b
05/05/2006 06:32:29.864 - TCP connection dropped - 70.71.4.208, 1803, WAN - 70.71.249.37, 445, WAN - TCP Port: 445
05/05/2006 06:32:41.512 - Web management request allowed - 10.0.1.17, 3347, LAN (admin) - 10.0.1.1, 80, LAN - TCP Web (HTTP)
05/05/2006 06:32:57.080 - Broadcast packet dropped - 70.71.224.1, 67, WAN - 255.255.255.255, 68, LAN - Protocol:68
05/05/2006 06:33:31.208 - IKE Responder: Received Quick Mode Request (Phase 2) - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:31.224 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x6C88A847) *(HASH, SA, KE, NON, ID, ID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:33:31.400 - IKE Responder: IPSec proposal does not match (Phase 2) - 70.71.207.53 - 70.71.249.37 - 192.168.104.2/32 -> 10.0.1.0/24
05/05/2006 06:33:31.400 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x47E21700) *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:32.064 - IKE Responder: Received Quick Mode Request (Phase 2) - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:32.064 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x6C88A847) *(HASH, SA, KE, NON, ID, ID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:33:32.256 - IKE Responder: IPSec proposal does not match (Phase 2) - 70.71.207.53 - 70.71.249.37 - 192.168.104.2/32 -> 10.0.1.0/24
05/05/2006 06:33:32.256 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x518E06B6) *(HASH, NOTIFY:NO_PROPOSAL_CHOSEN) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:34.048 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:38.016 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:45.944 - Received packet retransmission. Drop duplicate packet - 70.71.207.53, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:50.560 - IKE Initiator: Start Quick Mode (Phase 2). - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:50.656 - SENDING>>>> ISAKMP OAK QM (InitCookie 0xd2ec2ac31a813d53, MsgID: 0xB9F637FC) *(HASH, SA, NON, KE, ID, ID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:33:50.672 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x67F7D20A) *(HASH, NOTIFY:INVALID_ID_INFO) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:33:50.672 - Received notify: INVALID_ID_INFO - 70.71.207.53 - 70.71.249.37 -
05/05/2006 06:33:55.560 - Loading IPSec SA (Message ID = 0xb9f637fc, Local SPI = 0x9b596914, Remote SPI = 0) - -
05/05/2006 06:34:01.416 - UDP packet dropped - 200.153.245.217, 1025, WAN - 70.71.249.37, 137, WAN - UDP Port: 137
05/05/2006 06:34:04.560 - Loading IPSec SA (Message ID = 0xb9f637fc, Local SPI = 0x9b596914, Remote SPI = 0) - -
05/05/2006 06:34:10.048 - Broadcast packet dropped - 70.71.224.1, 67, WAN - 255.255.255.255, 68, LAN - Protocol:68
05/05/2006 06:34:21.560 - Loading IPSec SA (Message ID = 0xb9f637fc, Local SPI = 0x9b596914, Remote SPI = 0) - -
05/05/2006 06:34:33.784 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xd2ec2ac31a813d53, MsgID: 0x7AD0EDDF) *(HASH, DEL) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.784 - Received IKE SA delete request - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.784 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xe89d9a2e991242e8, MsgID: 0x4BAE27CA) (HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.784 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0xe89d9a2e991242e8, MsgID: 0x1C4D7277) (NOTIFY:INVALID_COOKIE) - 70.71.249.37 - 70.71.207.53, 500 -
05/05/2006 06:34:33.800 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xec9ae0e59b7bd105, MsgID: 0x3A81DB0B) (HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.800 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0xec9ae0e59b7bd105, MsgID: 0x49199D52) (NOTIFY:INVALID_COOKIE) - 70.71.249.37 - 70.71.207.53, 500 -
05/05/2006 06:34:33.800 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0x50b0def5cc8ec754, MsgID: 0x2191EA1E) (HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.800 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0x50b0def5cc8ec754, MsgID: 0x1EAADD00) (NOTIFY:INVALID_COOKIE) - 70.71.249.37 - 70.71.207.53, 500 -
05/05/2006 06:34:33.800 - RECEIVED<<< ISAKMP OAK INFO (InitCookie 0x81520543693d912a, MsgID: 0xEB8C5ADD) (HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.800 - SENDING>>>> ISAKMP OAK INFO (InitCookie 0x81520543693d912a, MsgID: 0x5B935008) (NOTIFY:INVALID_COOKIE) - 70.71.249.37 - 70.71.207.53, 500 -
05/05/2006 06:34:33.800 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0x0) (SA, VID, VID, VID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.800 - IKE Responder: Received Main Mode request (Phase 1) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:33.800 - SENDING>>>> ISAKMP OAK MM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0x0) (SA) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:34:33.848 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0x0) (KE, NON) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:34.064 - SENDING>>>> ISAKMP OAK MM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0x0) (KE, NON, VID, VID, VID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:34:34.096 - RECEIVED<<< ISAKMP OAK MM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0x0) *(ID, HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:34.096 - IKE Responder: Main Mode complete (Phase 1) - 70.71.207.53, 500 - 70.71.249.37, 500 - 3DES SHA1 Group 2 lifeSeconds=28800
05/05/2006 06:34:34.096 - SENDING>>>> ISAKMP OAK MM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0x0) *(ID, HASH) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:34:34.144 - IKE Responder: Received Quick Mode Request (Phase 2) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:34.144 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0xD44D4746) *(HASH, SA, KE, NON, ID, ID) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:34.336 - SENDING>>>> ISAKMP OAK QM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0xD44D4746) *(HASH, SA, NON, KE, ID, ID) - 70.71.249.37, 500 - 70.71.207.53, 500 -
05/05/2006 06:34:34.368 - Loading IPSec SA (Message ID = 0xd44d4746, Local SPI = 0xd3bff2f5, Remote SPI = 0x1c680d37) - -
05/05/2006 06:34:34.368 - RECEIVED<<< ISAKMP OAK QM (InitCookie 0x7a82ef9c6e6d4783, MsgID: 0xD44D4746) *(HASH) - 70.71.207.53, 500 - 70.71.249.37, 500 -
05/05/2006 06:34:34.368 - IKE Responder: Accepting IPSec proposal (Phase 2) - 70.71.207.53 - 70.71.249.37 - 192.168.104.2/32 -> 10.0.1.0/24
05/05/2006 06:34:34.368 - IKE negotiation complete. Adding IPSec SA. (Phase 2) - 70.71.249.37 - 70.71.207.53 - ESP:3DES, HMAC_SHA1, Group 2 lifeSeconds=28800 Local SPI:0xd3bff2f5 Remote SPI:0x1c680d37
05/05/2006 06:34:41.208 - Web management request allowed - 10.0.1.17, 3465, LAN (admin) - 10.0.1.1, 80, LAN - TCP Web (HTTP)
This email was generated by: SonicOS Standard 3.1.0.15-95s (0006-B121-6E6A)


(in reply to murpy)
Post #: 3
RE: VPN IPSEC (Sonicwall to ISA server) with edge route... - 5.May2006 4:16:31 PM   
murpy

 

Posts: 43
Joined: 4.Mar.2006
Status: offline
Can anyone tell me why the hash is null?

What does this mean "Could not find the peer list entry "?

(in reply to murpy)
Post #: 4
RE: VPN IPSEC (Sonicwall to ISA server) with edge route... - 5.May2006 11:17:47 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
I believe the HASH is taken over the entire payload and since negotiations aren't complete (there's no traffic being sent), the HASH can only be null. Don't quote me though.

I'm not sure about the "peer list entry".

If you're using Win2003 SP1, then it might be worth chacking out Stefaan's thread about a similar problem.

http://forums.isaserver.org/S2S_VPN%3a_why_is_a_new_QM_SA_negotiated_every_5_minutes_%3f/m_2002001812/tm.htm

There's a MSFT hotfix for this problem with the article number on the second page of the thread.

(in reply to murpy)
Post #: 5
RE: VPN IPSEC (Sonicwall to ISA server) with edge route... - 6.May2006 12:04:27 AM   
murpy

 

Posts: 43
Joined: 4.Mar.2006
Status: offline
UM...

again you are brilliant. 


How did you know about this?  You don't understand how much effort I have put into trying to find this out...   Can I buy you a beer, a coffee a new car perhaps?

Thanks Clint

(in reply to ClintD)
Post #: 6
RE: VPN IPSEC (Sonicwall to ISA server) with edge route... - 6.May2006 12:38:01 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Heh - I just watch, and try to remember, what other people write. :p

(in reply to murpy)
Post #: 7
RE: VPN IPSEC (Sonicwall to ISA server) with edge route... - 6.May2006 1:45:00 AM   
LLigetfa

 

Posts: 2187
Joined: 10.Aug.2004
From: fort frances.on.ca
Status: offline
quote:

ORIGINAL: ClintD
Heh - I just watch, and try to remember, what other people write. :p

Hey, that's what I do... only have problems with the remembering part. :( 

_____________________________

The School of Hard Knocks is a mean teacher. She gives the exam before the lesson.

(in reply to ClintD)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> VPN IPSEC (Sonicwall to ISA server) with edge router does IS NOT Stable Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts