• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

RE: Discussion for article on Site to Site ISA to DLink VPN

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> VPN >> RE: Discussion for article on Site to Site ISA to DLink VPN Page: <<   < prev  1 2 [3]
Login
Message << Older Topic   Newer Topic >>
RE: Discussion for article on Site to Site ISA to DLink... - 14.May2007 4:55:20 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi White,
quote:

ISA Server - LAN Interface (Internal IP 192.168.10.2)

This should be ISA's External interface, is this true ?
quote:

Primary HQ LAN = 192.168.0.0/24

since this is your Primary this should be ISA's default Internal network.
Is ISA the Calling Gateway or the Answering Gateway?
In other words who is initializing the l2tp/ipsec connection?
indeed your Dlinks 502T must support NAT-T.
are you using pre-shared keys/certificates with ms-chap/eap-tls(you've said about l2tp/ipsec so I have assumed that you are using it)?
what are ISA's logs saying?
are there any vpn sessions established?
for further monitoring use wireshark and capture the traffic on ISA's side to see how long IKE negotiation goes and also if the use of UDP port 4500 is done in order that NAT-T  be successful.
don't test from ISA itself. check from clients behind the VPN gateways.
Best regards!

< Message edited by justmee -- 14.May2007 5:24:43 AM >

(in reply to whitehjb)
Post #: 41
RE: Discussion for article on Site to Site ISA to DLink... - 16.Jan.2008 5:12:29 AM   
Domel

 

Posts: 7
Joined: 21.Jan.2007
Status: offline
I have configured my DI-804HV as described in article, but it's not working.
I don't understand what mean errors in device log (SDP Error and error = 77).
217.153.119.* is ISA server 2004
217.153.119.* is DI-804HV
D-Link log looks like that (Time in logs is wrong - clock was not set)...
WAN Type: Static IP Address (V1.44)
Display time: Friday November 24, 2006 00:57:09
Friday November 24, 2006 00:37:09 SPD Error : not found [192.168.168.0]<->[192.168.1.64] from peer IP address 217.153.150.*
Friday November 24, 2006 00:37:09 error = 77
Friday November 24, 2006 00:37:13 IKED re-TX : QINIT to 217.153.150.*
Friday November 24, 2006 00:37:13 Receive IKE Q1(QINIT) : [217.153.150.*]-->[217.153.119.*]
Friday November 24, 2006 00:37:13 SPD Error : not found [192.168.168.0]<->[192.168.1.64] from peer IP address 217.153.150.*
Friday November 24, 2006 00:37:13 error = 77
Friday November 24, 2006 00:37:14 Send IKE (INFO) : delete [192.168.1.1|217.153.119.*]-->[217.153.150.*|192.168.168.1] phase 2
Friday November 24, 2006 00:37:14 IKE phase2 (IPSec SA) remove : 192.168.1.1 <-> 192.168.168.1
Friday November 24, 2006 00:37:14 inbound SPI = 0x39000010, outbound SPI = 0x0
Friday November 24, 2006 00:37:14 Send IKE Q1(QINIT) : 192.168.1.1 --> 192.168.168.1
Friday November 24, 2006 00:37:14 Receive IKE INFO : 217.153.150.* --> 217.153.119.*
Friday November 24, 2006 00:37:19 IKED re-TX : QINIT to 217.153.150.*
Friday November 24, 2006 00:37:21 Receive IKE Q1(QINIT) : [217.153.150.*]-->[217.153.119.*]
Friday November 24, 2006 00:37:21 SPD Error : not found [192.168.168.0]<->[192.168.1.64] from peer IP address 217.153.150.*
Friday November 24, 2006 00:37:21 error = 77
Friday November 24, 2006 00:37:24 IKED re-TX : QINIT to 217.153.150.*
Friday November 24, 2006 00:37:34 IKED re-TX : QINIT to 217.153.150.*
Friday November 24, 2006 00:37:37 Receive IKE Q1(QINIT) : [217.153.150.*]-->[217.153.119.*]















< Message edited by Domel -- 16.Jan.2008 5:14:26 AM >


_____________________________

In skating over thin ice, our safety is in our speed.

(in reply to justmee)
Post #: 42
RE: Discussion for article on Site to Site ISA to DLink... - 16.Jan.2008 5:37:10 AM   
Domel

 

Posts: 7
Joined: 21.Jan.2007
Status: offline
Here are few other errors
Tuesday January 16, 2007 11:11:50 inbound SPI = 0x74000010, outbound SPI = 0x0
Tuesday January 16, 2007 11:11:50 Send IKE Q1(QINIT) : 192.168.1.0 --> 192.168.168.0
Tuesday January 16, 2007 11:11:50 Receive IKE INFO : 217.153.150.* --> 217.153.119.*
Tuesday January 16, 2007 11:11:55 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:12:00 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:12:10 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:12:20 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:12:40 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:12:41 Send IKE (INFO) : delete [192.168.1.0|217.153.119.*]-->[217.153.150.*|192.168.168.0] phase 2
Tuesday January 16, 2007 11:12:41 IKE phase2 (IPSec SA) remove : 192.168.1.0 <-> 192.168.168.0
Tuesday January 16, 2007 11:12:41 inbound SPI = 0x76000010, outbound SPI = 0x0
Tuesday January 16, 2007 11:12:41 Send IKE Q1(QINIT) : 192.168.1.0 --> 192.168.168.0
Tuesday January 16, 2007 11:12:41 Receive IKE INFO : 217.153.150.* --> 217.153.119.*
Tuesday January 16, 2007 11:12:46 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:12:51 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:13:01 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:13:11 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:13:31 IKED re-TX : QINIT to 217.153.150.*
Tuesday January 16, 2007 11:13:32 Send IKE (INFO) : delete [192.168.1.0|217.153.119.*]-->[217.153.150.*|192.168.168.0] phase 2
Tuesday January 16, 2007 11:13:32 IKE phase2 (IPSec SA) remove : 192.168.1.0 <-> 192.168.168.0













_____________________________

In skating over thin ice, our safety is in our speed.

(in reply to Domel)
Post #: 43
RE: Discussion for article on Site to Site ISA to DLink... - 16.Jan.2008 7:50:50 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hi Dominik,
I think it would be more useful to post the Oakley.log from ISA.
Not sure what those errors mean.
Regards!

(in reply to Domel)
Post #: 44
RE: Discussion for article on Site to Site ISA to DLink... - 16.Jan.2008 9:26:21 AM   
Domel

 

Posts: 7
Joined: 21.Jan.2007
Status: offline
oakley.log:
1-16: 15:22:26:972:bf8 Retransmit failed to find SA
1-16: 15:22:27:66:1d6c SA Dead. sa:0799B6B8 status:35f0
1-16: 15:22:27:66:1d6c isadb_set_status sa:0799B6B8 centry:00000000 status 35f0
1-16: 15:22:27:66:1d6c Key Exchange Mode (Main Mode)
1-16: 15:22:27:66:1d6c Source IP Address 217.153.150.*  Source IP Address Mask 255.255.255.255  Destination IP Address 217.153.119.*  Destination IP Address Mask 255.255.255.255  Protocol 0  Source Port 0  Destination Port 0  IKE Local Addr 217.153.150.*  IKE Peer Addr 217.153.119.*  IKE Source Port 500  IKE Destination Port 500  Peer Private Addr
1-16: 15:22:27:66:1d6c
1-16: 15:22:27:66:1d6c Me
1-16: 15:22:27:66:1d6c IKE SA deleted before establishment completed
1-16: 15:22:27:66:1d6c Sent first (SA) payload  Initiator.  Delta Time 70   0x0 0x0
1-16: 15:22:27:66:1d6c constructing ISAKMP Header
1-16: 15:22:27:66:1d6c constructing DELETE. MM 0799B6B8
1-16: 15:22:27:66:1d6c
1-16: 15:22:27:66:1d6c Sending: SA = 0x0799B6B8 to 217.153.119.*:Type 1.500
1-16: 15:22:27:66:1d6c ISAKMP Header: (V1.0), len = 56
1-16: 15:22:27:66:1d6c   I-COOKIE a3a5ae59c0e81671
1-16: 15:22:27:66:1d6c   R-COOKIE 0402bb67e1df658d
1-16: 15:22:27:66:1d6c   exchange: ISAKMP Informational Exchange
1-16: 15:22:27:66:1d6c   flags: 0
1-16: 15:22:27:66:1d6c   next payload: DELETE
1-16: 15:22:27:66:1d6c   message ID: fffc2738
1-16: 15:22:27:66:1d6c Ports S:f401 D:f401
1-16: 15:22:27:66:1d6c ClearFragList
1-16: 15:23:01:160:bf0 Acquire from driver: op=0000008E src=192.168.168.49.0 dst=192.168.1.100.0 proto = 0, SrcMask=255.255.255.0, DstMask=255.255.255.192, Tunnel 1, TunnelEndpt=217.153.119.* Inbound TunnelEndpt=217.153.150.*
1-16: 15:23:01:160:1d6c Filter to match: Src 217.153.119.* Dst 217.153.150.*
1-16: 15:23:01:160:1d6c MM PolicyName: ISA Server Gliwice MM Policy
1-16: 15:23:01:160:1d6c MMPolicy dwFlags 0 SoftSAExpireTime 28800
1-16: 15:23:01:160:1d6c MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
1-16: 15:23:01:160:1d6c MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
1-16: 15:23:01:160:1d6c Auth[0]:PresharedKey KeyLen 18
1-16: 15:23:01:160:1d6c QM PolicyName: ISA Server Gliwice QM Policy dwFlags 0
1-16: 15:23:01:160:1d6c QMOffer[0] LifetimeKBytes 0 LifetimeSec 3600
1-16: 15:23:01:160:1d6c QMOffer[0] dwFlags 0 dwPFSGroup 2
1-16: 15:23:01:160:1d6c  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
1-16: 15:23:01:160:1d6c Starting Negotiation: src = 217.153.150.*.0500, dst = 217.153.119.*.0500, proto = 00, context = 0000008E, ProxySrc = 192.168.168.0.0000, ProxyDst = 192.168.1.64.0000 SrcMask = 255.255.255.0 DstMask = 255.255.255.192
1-16: 15:23:01:160:1d6c constructing ISAKMP Header
1-16: 15:23:01:160:1d6c constructing SA (ISAKMP)
1-16: 15:23:01:160:1d6c Constructing Vendor MS NT5 ISAKMPOAKLEY
1-16: 15:23:01:160:1d6c Constructing Vendor FRAGMENTATION
1-16: 15:23:01:160:1d6c Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
1-16: 15:23:01:160:1d6c Constructing Vendor Vid-Initial-Contact
1-16: 15:23:01:160:1d6c
1-16: 15:23:01:160:1d6c Sending: SA = 0x0846D1E8 to 217.153.119.*:Type 2.500
1-16: 15:23:01:160:1d6c ISAKMP Header: (V1.0), len = 168
1-16: 15:23:01:160:1d6c   I-COOKIE f0a10f116ec7d425
1-16: 15:23:01:160:1d6c   R-COOKIE 0000000000000000
1-16: 15:23:01:160:1d6c   exchange: Oakley Main Mode
1-16: 15:23:01:160:1d6c   flags: 0
1-16: 15:23:01:160:1d6c   next payload: SA
1-16: 15:23:01:160:1d6c   message ID: 00000000
1-16: 15:23:01:160:1d6c Ports S:f401 D:f401
1-16: 15:23:01:316:1d6c
1-16: 15:23:01:316:1d6c Receive: (get) SA = 0x0846d1e8 from 217.153.119.*.500
1-16: 15:23:01:316:1d6c ISAKMP Header: (V1.0), len = 84
1-16: 15:23:01:316:1d6c   I-COOKIE f0a10f116ec7d425
1-16: 15:23:01:316:1d6c   R-COOKIE 7228fc05759801bf
1-16: 15:23:01:316:1d6c   exchange: Oakley Main Mode
1-16: 15:23:01:316:1d6c   flags: 0
1-16: 15:23:01:316:1d6c   next payload: SA
1-16: 15:23:01:316:1d6c   message ID: 00000000
1-16: 15:23:01:316:1d6c Failed for length exceeded
1-16: 15:23:01:332:1d6c invalid payload received
1-16: 15:23:01:332:1d6c GetPacket failed 3613
1-16: 15:23:01:972:bf8 Retransmit failed to find SA

_____________________________

In skating over thin ice, our safety is in our speed.

(in reply to justmee)
Post #: 45
RE: Discussion for article on Site to Site ISA to DLink... - 16.Jan.2008 10:14:22 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Hmmm.
That's the entire log ?
A quick advise when you "take" a Oakley.log, take it clean: reaboot ISA or the services in order to have an empty "Oakley.log". Then connect. In this way we have a clean path over what had happened starting from the first packet.
Are you sure the remote site only includes 192.168.1.64/26 ?
We can follow the "end" of your Oakley.log
ISA is sending the first IKE MM packet:
1-16: 15:23:01:160:1d6c constructing ISAKMP Header
...
1-16: 15:23:01:160:1d6c Sending: SA = 0x0846D1E8 to 217.153.119.*:Type 2.500
1-16: 15:23:01:160:1d6c ISAKMP Header: (V1.0), len = 168
1-16: 15:23:01:160:1d6c   I-COOKIE f0a10f116ec7d425
1-16: 15:23:01:160:1d6c   R-COOKIE 0000000000000000

And receives a response from D-Link:
1-16: 15:23:01:316:1d6c Receive: (get) SA = 0x0846d1e8 from 217.153.119.*.500
1-16: 15:23:01:316:1d6c ISAKMP Header: (V1.0), len = 84
1-16: 15:23:01:316:1d6c   I-COOKIE f0a10f116ec7d425
1-16: 15:23:01:316:1d6c   R-COOKIE 7228fc05759801bf

Witch turns into:
1-16: 15:23:01:316:1d6c Failed for length exceeded
1-16: 15:23:01:332:1d6c invalid payload received
1-16: 15:23:01:332:1d6c GetPacket failed 3613

At a first glance looks like crappy IPsec software on the D-link.
Can you please take a clean Oakley.log, maybe we can find out more.
J

(in reply to Domel)
Post #: 46
RE: Discussion for article on Site to Site ISA to DLink... - 17.Jan.2008 6:35:20 AM   
Domel

 

Posts: 7
Joined: 21.Jan.2007
Status: offline
There is entire log

And ISA IPSec is set to:
Local Tunnel Endpoint: 217.153.150.*
Remote Tunnel Endpoint: 217.153.119.*

To allow HTTP proxy or NAT traffic to the remote site,
the remote site configuration must contain the local
site tunnel end-point IP address.

IKE Phase I Parameters:
   Mode: Main mode
   Encryption: 3DES
   Integrity: SHA1
   Diffie-Hellman group: Group 2 (1024 bit)
   Authentication method: Pre-shared secret (pass removed)
   Security Association lifetime: 28800 seconds

IKE Phase II Parameters:
   Mode: ESP tunnel mode
   Encryption: 3DES
   Integrity: SHA1
   Perfect Forward Secrecy: ON
   Diffie-Hellman group: Group 2 (1024 bit)
   Time rekeying: ON
   Security Association lifetime: 3600 seconds
   Kbyte rekeying: OFF

Remote Network 'Gliwice' IP Subnets:
   Subnet: 192.168.1.1/255.255.255.255
   Subnet: 192.168.1.2/255.255.255.254
   Subnet: 192.168.1.4/255.255.255.252
   Subnet: 192.168.1.8/255.255.255.248
   Subnet: 192.168.1.16/255.255.255.240
   Subnet: 192.168.1.32/255.255.255.224
   Subnet: 192.168.1.64/255.255.255.192
   Subnet: 192.168.1.128/255.255.255.128

Local Network 'Internal' IP Subnets:
   Subnet: 192.168.168.0/255.255.255.0

But I don't understand why there are so many subnets. I putet only one in New Location Wizard ...

_____________________________

In skating over thin ice, our safety is in our speed.

(in reply to justmee)
Post #: 47
RE: Discussion for article on Site to Site ISA to DLink... - 17.Jan.2008 7:53:07 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Why are so many subnets?
Maybe because you have entered them ?
What exactly have you entered ?
If you want to include 192.168.1.0/24(which appears in your D-Link log) then type:
192.168.1.0-192.168.1.255
Don't start with 192.168.1.1
Regarding the Oakley.log same story from my previous post.
To be honest I have seen the same message (Failed for length exceeded, invalid payload received, GetPacket failed 3613) some time ago when I attempted to create a site to site between ISA and a crappy two cent device. That was fixed with a firmware upgrade on that device(it had a bug).
What's happening: ISA is sending the first IKE MM message with the proposal of IKE MM settings.
The D-Link replies something(don't know what from the Oakley.log). If configured correctly it should reply back with the same IKE MM proposal. After that, the second round of IKE messages should follow(DH key exchange).
But it appears it is something wrong with the D-Link packet.
If the D-Link does not have the same IKE MM settings it should inform ISA about that with a Notification payload(ISAKMP Informational).
Can you take a Wireshark trace on ISA's external interface and tell us(if you do not want to put a link for it due to some reasons) what's in the packet sent by D-Link ?
Watch for the first ISA IKE MM message(R-COOKIE 0) which contains ISA's proposal payload(something like):
Sending: SA = 0x0846D1E8 to 217.153.119.*:Type 2.500
SAKMP Header: (V1.0), len = 168
I-COOKIE f0a10f116ec7d425
R-COOKIE 0000000000000000
And the D-LINK response to that. See if the D-Link sends back a proposal.
Is there any other device between ISA and D-Link?

< Message edited by justmee -- 17.Jan.2008 7:54:32 AM >

(in reply to Domel)
Post #: 48
RE: Discussion for article on Site to Site ISA to DLink... - 17.Jan.2008 8:34:45 AM   
Domel

 

Posts: 7
Joined: 21.Jan.2007
Status: offline
quote:


Why are so many subnets?
Maybe because you have entered them ?
What exactly have you entered ?
If you want to include 192.168.1.0/24(which appears in your D-Link log) then type:
192.168.1.0-192.168.1.255
Don't start with 192.168.1.1

My fault. I have entered 192.168.1.1.
I have configured ISA again with 192.168.1.0, upgraded again firmware and it started to work exactly as described in article :)
Thanks for help! :)

_____________________________

In skating over thin ice, our safety is in our speed.

(in reply to justmee)
Post #: 49
RE: Discussion for article on Site to Site ISA to DLink... - 23.Jan.2008 2:44:36 PM   
clayman24

 

Posts: 3
Joined: 21.Sep.2006
Status: offline
I have this VPN working reliably with the Dlink router mentiuoned in the article:

I couple gotcha's that were not mentioned in the document:

Assumptions: 
ISA external Adapter fixed IP: 10.0.0.1
Internal Subnet Addresses: 192.168.1.0 - 192.168.1.255
 
DLINK External Fixed IP: 10.0.1.1
Intenal Subnet at DLink SIte: 192.168.3.1 - 192.168.3.255


1. The Fixed IP address for the remote site where the gateway is installed must be included in the subnet addressing: At both the dlink and the ISA locations: i.e.

ISA side:
192.168.3.0-192.168.3.255
10.0.1.1 - 10.0.1.1

DLink Side:
192.168.1.0 - 192.168.1.255
10.0.0.1

2.  The static route has to be setup to point the correct way:

ISA side:
Destination: 192.168.3.0
SubnetMask: 255.255.255.0
Gateway: 10.0.1.1 ( external ip of DLink)

DLINk side:
Destination: 192.168.1.0
Subnet Mask: 255.255.255.0
Gateway: 10.0.0.1 ( ISA external adapter)

I hope this helps

Clayton


(in reply to Domel)
Post #: 50
RE: Discussion for article on Site to Site ISA to DLink... - 18.Dec.2008 2:56:21 PM   
Kevdg

 

Posts: 17
Joined: 1.Jul.2004
From: Atlanta
Status: offline
Justmee,

I have been pulling my hair trying to get a site-to-site VPN setup between my Headquarters and Branch office. I have ISA 2006 in my headquarters office and a D-Link Netdefend DFL-CPG310 in my branch office. I have verified several times now that the settings on each end are identical, however, I can't get the connection to establish. In the Oakley log below you can see that I am receiving an "Invalid Payload" and "Policy too general - DescAddrType does not match 1 != 2" error.


Is this an issue with the D-Link router? Is there any way that I can determine if the D-link is send the wrong information in it's response?

12-18: 15:04:06:567:ec8 Receive: (get) SA = 0x00000000 from 68.209.xxx.xxx.500
12-18: 15:04:06:567:ec8 ISAKMP Header: (V1.0), len = 148
12-18: 15:04:06:567:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:06:567:ec8 R-COOKIE 0000000000000000
12-18: 15:04:06:567:ec8 exchange: Oakley Main Mode
12-18: 15:04:06:567:ec8 flags: 0
12-18: 15:04:06:567:ec8 next payload: SA
12-18: 15:04:06:567:ec8 message ID: 00000000
12-18: 15:04:06:567:ec8 Filter to match: Src 68.209.xxx.xxx Dst 74.231.xxx.xxx
12-18: 15:04:06:583:ec8 MM PolicyName: ISA Server BHM MM Policy
12-18: 15:04:06:583:ec8 MMPolicy dwFlags 0 SoftSAExpireTime 28800
12-18: 15:04:06:583:ec8 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
12-18: 15:04:06:583:ec8 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
12-18: 15:04:06:583:ec8 Auth[0]:PresharedKey KeyLen 6
12-18: 15:04:06:583:ec8 Responding with new SA 168f1a0
12-18: 15:04:06:583:ec8 processing payload SA
12-18: 15:04:06:583:ec8 Received Phase 1 Transform 1
12-18: 15:04:06:583:ec8 Encryption Alg Triple DES CBC(5)
12-18: 15:04:06:583:ec8 Hash Alg SHA(2)
12-18: 15:04:06:583:ec8 Auth Method Preshared Key(1)
12-18: 15:04:06:583:ec8 Oakley Group 2
12-18: 15:04:06:583:ec8 Life type in Seconds
12-18: 15:04:06:583:ec8 Life duration of 28800
12-18: 15:04:06:583:ec8 Phase 1 SA accepted: transform=1
12-18: 15:04:06:583:ec8 SA - Oakley proposal accepted
12-18: 15:04:06:583:ec8 processing payload VENDOR ID
12-18: 15:04:06:583:ec8 processing payload VENDOR ID
12-18: 15:04:06:583:ec8 Received VendorId draft-ietf-ipsec-nat-t-ike-02
12-18: 15:04:06:583:ec8 ClearFragList
12-18: 15:04:06:583:ec8 constructing ISAKMP Header
12-18: 15:04:06:583:ec8 constructing SA (ISAKMP)
12-18: 15:04:06:583:ec8 Constructing Vendor MS NT5 ISAKMPOAKLEY
12-18: 15:04:06:583:ec8 Constructing Vendor FRAGMENTATION
12-18: 15:04:06:583:ec8 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
12-18: 15:04:06:583:ec8
12-18: 15:04:06:583:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 2.500
12-18: 15:04:06:583:ec8 ISAKMP Header: (V1.0), len = 148
12-18: 15:04:06:583:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:06:583:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:06:583:ec8 exchange: Oakley Main Mode
12-18: 15:04:06:583:ec8 flags: 0
12-18: 15:04:06:583:ec8 next payload: SA
12-18: 15:04:06:583:ec8 message ID: 00000000
12-18: 15:04:06:583:ec8 Ports S:f401 D:f401
12-18: 15:04:06:911:ec8
12-18: 15:04:06:911:ec8 Receive: (get) SA = 0x0168f1a0 from 68.209.xxx.xxx.500
12-18: 15:04:06:911:ec8 ISAKMP Header: (V1.0), len = 232
12-18: 15:04:06:911:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:06:911:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:06:911:ec8 exchange: Oakley Main Mode
12-18: 15:04:06:911:ec8 flags: 0
12-18: 15:04:06:911:ec8 next payload: KE
12-18: 15:04:06:911:ec8 message ID: 00000000
12-18: 15:04:06:911:ec8 processing payload KE
12-18: 15:04:06:973:ec8 processing payload NONCE
12-18: 15:04:06:973:ec8 processing payload NATDISC
12-18: 15:04:06:973:ec8 Processing NatHash
12-18: 15:04:06:973:ec8 Nat hash e152f9d92d991ca13bbbba7114e559f2
12-18: 15:04:06:973:ec8 7357d3f9
12-18: 15:04:06:973:ec8 SA StateMask2 e
12-18: 15:04:06:973:ec8 processing payload NATDISC
12-18: 15:04:06:973:ec8 Processing NatHash
12-18: 15:04:06:973:ec8 Nat hash 66e93e32ea6019c66e6b2dc62e64ba53
12-18: 15:04:06:973:ec8 46952023
12-18: 15:04:06:973:ec8 SA StateMask2 8e
12-18: 15:04:06:973:ec8 ClearFragList
12-18: 15:04:06:973:ec8 constructing ISAKMP Header
12-18: 15:04:06:973:ec8 constructing KE
12-18: 15:04:06:973:ec8 constructing NONCE (ISAKMP)
12-18: 15:04:06:973:ec8 Constructing NatDisc
12-18: 15:04:06:973:ec8
12-18: 15:04:06:973:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 2.500
12-18: 15:04:06:973:ec8 ISAKMP Header: (V1.0), len = 232
12-18: 15:04:06:973:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:06:973:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:06:973:ec8 exchange: Oakley Main Mode
12-18: 15:04:06:973:ec8 flags: 0
12-18: 15:04:06:973:ec8 next payload: KE
12-18: 15:04:06:973:ec8 message ID: 00000000
12-18: 15:04:06:973:ec8 Ports S:f401 D:f401
12-18: 15:04:07:286:ec8
12-18: 15:04:07:286:ec8 Receive: (get) SA = 0x0168f1a0 from 68.209.xxx.xxx.500
12-18: 15:04:07:286:ec8 ISAKMP Header: (V1.0), len = 68
12-18: 15:04:07:286:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:07:286:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:07:286:ec8 exchange: Oakley Main Mode
12-18: 15:04:07:286:ec8 flags: 1 ( encrypted )
12-18: 15:04:07:286:ec8 next payload: ID
12-18: 15:04:07:286:ec8 message ID: 00000000
12-18: 15:04:07:286:ec8 processing payload ID
12-18: 15:04:07:286:ec8 processing payload HASH
12-18: 15:04:07:286:ec8 AUTH: Phase I authentication accepted
12-18: 15:04:07:286:ec8 ClearFragList
12-18: 15:04:07:286:ec8 constructing ISAKMP Header
12-18: 15:04:07:286:ec8 constructing ID
12-18: 15:04:07:286:ec8 MM ID Type 1
12-18: 15:04:07:286:ec8 MM ID 4ae720c4
12-18: 15:04:07:286:ec8 constructing HASH
12-18: 15:04:07:286:ec8 MM established. SA: 0168F1A0
12-18: 15:04:07:286:ec8
12-18: 15:04:07:286:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 2.500
12-18: 15:04:07:286:ec8 ISAKMP Header: (V1.0), len = 68
12-18: 15:04:07:286:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:07:286:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:07:286:ec8 exchange: Oakley Main Mode
12-18: 15:04:07:286:ec8 flags: 1 ( encrypted )
12-18: 15:04:07:286:ec8 next payload: ID
12-18: 15:04:07:286:ec8 message ID: 00000000
12-18: 15:04:07:286:ec8 Ports S:f401 D:f401
12-18: 15:04:07:614:ec8
12-18: 15:04:07:614:ec8 Receive: (get) SA = 0x0168f1a0 from 68.209.xxx.xxx.500
12-18: 15:04:07:629:ec8 ISAKMP Header: (V1.0), len = 292
12-18: 15:04:07:629:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:07:629:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:07:629:ec8 exchange: Oakley Quick Mode
12-18: 15:04:07:629:ec8 flags: 1 ( encrypted )
12-18: 15:04:07:629:ec8 next payload: HASH
12-18: 15:04:07:629:ec8 message ID: 9db44953
12-18: 15:04:07:629:ec8 processing HASH (QM)
12-18: 15:04:07:629:ec8 ClearFragList
12-18: 15:04:07:629:ec8 processing payload NONCE
12-18: 15:04:07:629:ec8 processing payload KE
12-18: 15:04:07:629:ec8 Quick Mode KE processed; Saved KE data
12-18: 15:04:07:629:ec8 processing payload ID
12-18: 15:04:07:629:ec8 processing payload ID
12-18: 15:04:07:629:ec8 processing payload SA
12-18: 15:04:07:629:ec8 Negotiated Proxy ID: Src 68.209.xxx.xxx.0 Dst 74.231.xxx.xxx.0
12-18: 15:04:07:629:ec8 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
12-18: 15:04:07:629:ec8 Checking Transform # 1: ID=Triple DES CBC(3)
12-18: 15:04:07:629:ec8 SA life type in seconds
12-18: 15:04:07:629:ec8 SA life duration 00000e10
12-18: 15:04:07:629:ec8 group description for PFS is 2
12-18: 15:04:07:629:ec8 tunnel mode is Tunnel Mode(1)
12-18: 15:04:07:629:ec8 HMAC algorithm is SHA(2)
12-18: 15:04:07:629:ec8 Finding Responder Policy for SRC=68.209.xxx.xxx.0000 DST=74.231.xxx.xxx.0000, SRCMask=255.255.255.255, DSTMask=255.255.255.255, Prot=0 InTunnelEndpt c420e74a OutTunnelEndpt c30ad144
12-18: 15:04:07:629:ec8 QM PolicyName: ISA Server BHM QM Policy dwFlags 0
12-18: 15:04:07:629:ec8 QMOffer[0] LifetimeKBytes 0 LifetimeSec 3600
12-18: 15:04:07:629:ec8 QMOffer[0] dwFlags 0 dwPFSGroup 2
12-18: 15:04:07:629:ec8 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
12-18: 15:04:07:629:ec8 Policy too general - DescAddrType does not match 1 != 2
12-18: 15:04:07:629:ec8 Policy too general
12-18: 15:04:07:629:ec8 Phase 2 SA accepted: proposal=1 transform=1
12-18: 15:04:07:629:ec8 Adding default policy for SRC=c30ad144.0000 DST=c420e74a.0000, SRCMask=ffffffff, DSTMask=ffffffff, Prot=0, TunnelFilter 1, TunnelAddr c420e74a
12-18: 15:04:07:629:ec8 GetSpi: src = 68.209.xxx.xxx.0000, dst = 74.231.xxx.xxx.0000, proto = 00, context = 00000000, srcMask = 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 1
12-18: 15:04:07:629:ec8 Setting SPI 3392134866
12-18: 15:04:07:708:ec8 constructing ISAKMP Header
12-18: 15:04:07:708:ec8 constructing HASH (null)
12-18: 15:04:07:708:ec8 constructing SA (IPSEC)
12-18: 15:04:07:708:ec8 constructing QM KE
12-18: 15:04:07:708:ec8 constructing NONCE (IPSEC)
12-18: 15:04:07:708:ec8 constructing ID (proxy)
12-18: 15:04:07:708:ec8 constructing ID (proxy)
12-18: 15:04:07:708:ec8 constructing HASH (QM)
12-18: 15:04:07:708:ec8
12-18: 15:04:07:708:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 2.500
12-18: 15:04:07:708:ec8 ISAKMP Header: (V1.0), len = 292
12-18: 15:04:07:708:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:07:708:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:07:708:ec8 exchange: Oakley Quick Mode
12-18: 15:04:07:708:ec8 flags: 3 ( encrypted commit )
12-18: 15:04:07:708:ec8 next payload: HASH
12-18: 15:04:07:708:ec8 message ID: 9db44953
12-18: 15:04:07:708:ec8 Ports S:f401 D:f401
12-18: 15:04:08:67:ec8
12-18: 15:04:08:67:ec8 Receive: (get) SA = 0x0168f1a0 from 68.209.xxx.xxx.500
12-18: 15:04:08:67:ec8 ISAKMP Header: (V1.0), len = 60
12-18: 15:04:08:67:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:08:67:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:08:67:ec8 exchange: Oakley Quick Mode
12-18: 15:04:08:67:ec8 flags: 1 ( encrypted )
12-18: 15:04:08:67:ec8 next payload: HASH
12-18: 15:04:08:67:ec8 message ID: 9db44953
12-18: 15:04:08:67:ec8 processing HASH (QM)
12-18: 15:04:08:67:ec8 ClearFragList
12-18: 15:04:08:67:ec8 Adding QMs: src = 74.231.xxx.xxx.0000, dst = 68.209.xxx.xxx.0000, proto = 00, context = 0000001D, my tunnel = 74.231.xxx.xxx, peer tunnel = 68.209.xxx.xxx, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 100000 dwFlags 1 Direction 1 EncapType 1
12-18: 15:04:08:67:ec8 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
12-18: 15:04:08:67:ec8 Algo[0] MySpi: 3392134866 PeerSpi: 1576696082
12-18: 15:04:08:67:ec8 Encap Ports Src 500 Dst 500
12-18: 15:04:08:67:ec8 isadb_set_status sa:0168F1A0 centry:000E2A40 status 0
12-18: 15:04:08:67:ec8 Constructing Commit Notify
12-18: 15:04:08:67:ec8 constructing ISAKMP Header
12-18: 15:04:08:67:ec8 constructing HASH (null)
12-18: 15:04:08:67:ec8 constructing NOTIFY 16384
12-18: 15:04:08:67:ec8 constructing HASH (QM)
12-18: 15:04:08:67:ec8
12-18: 15:04:08:67:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 4.500
12-18: 15:04:08:67:ec8 ISAKMP Header: (V1.0), len = 76
12-18: 15:04:08:67:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:08:67:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:08:67:ec8 exchange: Oakley Quick Mode
12-18: 15:04:08:67:ec8 flags: 3 ( encrypted commit )
12-18: 15:04:08:67:ec8 next payload: HASH
12-18: 15:04:08:67:ec8 message ID: 9db44953
12-18: 15:04:08:67:ec8 Ports S:f401 D:f401
12-18: 15:04:08:83:ec8
12-18: 15:04:08:83:ec8 Receive: (get) SA = 0x0168f1a0 from 68.209.xxx.xxx.500
12-18: 15:04:08:83:ec8 ISAKMP Header: (V1.0), len = 60
12-18: 15:04:08:83:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:08:83:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:08:83:ec8 exchange: Oakley Quick Mode
12-18: 15:04:08:83:ec8 flags: 1 ( encrypted )
12-18: 15:04:08:83:ec8 next payload: HASH
12-18: 15:04:08:83:ec8 message ID: 9db44953
12-18: 15:04:08:83:ec8 invalid payload received
12-18: 15:04:08:83:ec8 Resending last payload
12-18: 15:04:08:83:ec8
12-18: 15:04:08:83:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 4.500
12-18: 15:04:08:83:ec8 ISAKMP Header: (V1.0), len = 76
12-18: 15:04:08:83:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:08:83:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:08:83:ec8 exchange: Oakley Quick Mode
12-18: 15:04:08:83:ec8 flags: 3 ( encrypted commit )
12-18: 15:04:08:83:ec8 next payload: HASH
12-18: 15:04:08:83:ec8 message ID: 9db44953
12-18: 15:04:08:83:ec8 Ports S:f401 D:f401
12-18: 15:04:08:83:ec8 GetPacket failed 3613
12-18: 15:04:08:754:548 Acquire from driver: op=0000001E src=74.231.xxx.xxx.0 dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=68.209.xxx.xxx Inbound TunnelEndpt=74.231.xxx.xxx
12-18: 15:04:08:754:ec8 Starting Negotiation: src = 68.209.xxx.xxx.0500, dst = 74.231.xxx.xxx.0500, proto = 00, context = 0000001E, ProxySrc = 74.231.xxx.xxx.0000, ProxyDst = 192.168.1.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
12-18: 15:04:08:754:ec8 QM PolicyName: ISA Server BHM QM Policy dwFlags 0
12-18: 15:04:08:754:ec8 QMOffer[0] LifetimeKBytes 0 LifetimeSec 3600
12-18: 15:04:08:754:ec8 QMOffer[0] dwFlags 0 dwPFSGroup 2
12-18: 15:04:08:754:ec8 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
12-18: 15:04:08:754:ec8 GetSpi: src = 192.168.1.0.0000, dst = 74.231.xxx.xxx.0000, proto = 00, context = 0000001E, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
12-18: 15:04:08:754:ec8 Setting SPI 3540359839
12-18: 15:04:08:754:ec8 constructing ISAKMP Header
12-18: 15:04:08:754:ec8 constructing HASH (null)
12-18: 15:04:08:754:ec8 constructing SA (IPSEC)
12-18: 15:04:08:754:ec8 constructing QM KE
12-18: 15:04:08:801:ec8 constructing NONCE (IPSEC)
12-18: 15:04:08:801:ec8 constructing ID (proxy)
12-18: 15:04:08:801:ec8 constructing ID (proxy)
12-18: 15:04:08:801:ec8 constructing HASH (QM)
12-18: 15:04:08:801:ec8
12-18: 15:04:08:801:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 2.500
12-18: 15:04:08:801:ec8 ISAKMP Header: (V1.0), len = 292
12-18: 15:04:08:801:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:08:801:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:08:801:ec8 exchange: Oakley Quick Mode
12-18: 15:04:08:801:ec8 flags: 1 ( encrypted )
12-18: 15:04:08:801:ec8 next payload: HASH
12-18: 15:04:08:801:ec8 message ID: 2dca206a
12-18: 15:04:08:801:ec8 Ports S:f401 D:f401
12-18: 15:04:09:145:ec8
12-18: 15:04:09:145:ec8 Receive: (get) SA = 0x0168f1a0 from 68.209.xxx.xxx.500
12-18: 15:04:09:145:ec8 ISAKMP Header: (V1.0), len = 300
12-18: 15:04:09:145:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:09:145:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:09:145:ec8 exchange: Oakley Quick Mode
12-18: 15:04:09:145:ec8 flags: 1 ( encrypted )
12-18: 15:04:09:145:ec8 next payload: HASH
12-18: 15:04:09:145:ec8 message ID: 2dca206a
12-18: 15:04:09:145:ec8 processing HASH (QM)
12-18: 15:04:09:145:ec8 ClearFragList
12-18: 15:04:09:145:ec8 processing payload NONCE
12-18: 15:04:09:145:ec8 processing payload KE
12-18: 15:04:09:145:ec8 Quick Mode KE processed; Saved KE data
12-18: 15:04:09:145:ec8 processing payload ID
12-18: 15:04:09:145:ec8 processing payload ID
12-18: 15:04:09:145:ec8 processing payload SA
12-18: 15:04:09:145:ec8 Negotiated Proxy ID: Src 74.231.xxx.xxx.0 Dst 192.168.1.0.0
12-18: 15:04:09:145:ec8 Dst id for subnet. Mask 255.255.255.0
12-18: 15:04:09:145:ec8 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
12-18: 15:04:09:145:ec8 Checking Transform # 1: ID=Triple DES CBC(3)
12-18: 15:04:09:145:ec8 SA life type in seconds
12-18: 15:04:09:145:ec8 SA life duration 00000e10
12-18: 15:04:09:145:ec8 tunnel mode is Tunnel Mode(1)
12-18: 15:04:09:145:ec8 HMAC algorithm is SHA(2)
12-18: 15:04:09:145:ec8 group description for PFS is 2
12-18: 15:04:09:145:ec8 Phase 2 SA accepted: proposal=1 transform=1
12-18: 15:04:09:176:ec8 constructing ISAKMP Header
12-18: 15:04:09:176:ec8 constructing HASH (QM)
12-18: 15:04:09:176:ec8 Adding QMs: src = 74.231.xxx.xxx.0000, dst = 192.168.1.0.0000, proto = 00, context = 0000001E, my tunnel = 74.231.xxx.xxx, peer tunnel = 68.209.xxx.xxx, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 100000 dwFlags 1 Direction 2 EncapType 1
12-18: 15:04:09:176:ec8 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
12-18: 15:04:09:176:ec8 Algo[0] MySpi: 3540359839 PeerSpi: 1576696084
12-18: 15:04:09:176:ec8 Encap Ports Src 500 Dst 500
12-18: 15:04:09:176:ec8 Skipping Outbound SA add
12-18: 15:04:09:176:ec8 Adding QMs: src = 74.231.xxx.xxx.0000, dst = 192.168.1.0.0000, proto = 00, context = 0000001E, my tunnel = 74.231.xxx.xxx, peer tunnel = 68.209.xxx.xxx, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 100000 dwFlags 1 Direction 3 EncapType 1
12-18: 15:04:09:176:ec8 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
12-18: 15:04:09:176:ec8 Algo[0] MySpi: 3540359839 PeerSpi: 1576696084
12-18: 15:04:09:176:ec8 Encap Ports Src 500 Dst 500
12-18: 15:04:09:176:ec8 Skipping Inbound SA add
12-18: 15:04:09:176:ec8 isadb_set_status sa:0168F1A0 centry:000E2DE8 status 0
12-18: 15:04:09:176:ec8
12-18: 15:04:09:176:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 4.500
12-18: 15:04:09:176:ec8 ISAKMP Header: (V1.0), len = 52
12-18: 15:04:09:176:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:09:176:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:09:176:ec8 exchange: Oakley Quick Mode
12-18: 15:04:09:176:ec8 flags: 1 ( encrypted )
12-18: 15:04:09:176:ec8 next payload: HASH
12-18: 15:04:09:176:ec8 message ID: 2dca206a
12-18: 15:04:09:176:ec8 Ports S:f401 D:f401
12-18: 15:04:09:504:228 isadb_schedule_kill_oldPolicy_sas: 5e07a8f7-0bdc-41bc-b07172481ea97db5 4
12-18: 15:04:09:504:1e8 isadb_schedule_kill_oldPolicy_sas: 88a0fc92-89d8-487f-8d610bcf978e0905 3
12-18: 15:04:09:520:ec8 entered kill_old_policy_sas 4
12-18: 15:04:09:520:ec8 SA Dead. sa:0168F1A0 status:3619
12-18: 15:04:09:520:ec8 isadb_set_status sa:0168F1A0 centry:00000000 status 3619
12-18: 15:04:09:520:fec entered kill_old_policy_sas 3
12-18: 15:04:09:520:ec8 constructing ISAKMP Header
12-18: 15:04:09:520:ec8 constructing HASH (null)
12-18: 15:04:09:520:ec8 constructing DELETE. MM 0168F1A0
12-18: 15:04:09:520:ec8 constructing HASH (Notify/Delete)
12-18: 15:04:09:520:ec8 Not setting retransmit to downlevel client. SA 0168F1A0 Centry 00000000
12-18: 15:04:09:520:ec8
12-18: 15:04:09:520:ec8 Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 1.500
12-18: 15:04:09:520:ec8 ISAKMP Header: (V1.0), len = 84
12-18: 15:04:09:520:ec8 I-COOKIE cd347e45f6e50bf3
12-18: 15:04:09:520:ec8 R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:09:520:ec8 exchange: ISAKMP Informational Exchange
12-18: 15:04:09:520:ec8 flags: 1 ( encrypted )
12-18: 15:04:09:520:ec8 next payload: HASH
12-18: 15:04:09:520:ec8 message ID: b090c4d8
12-18: 15:04:09:520:ec8 Ports S:f401 D:f401
12-18: 15:04:09:536:228 isadb_schedule_kill_oldPolicy_sas: 1bab0391-ced4-4998-b42253f79c6b1283 4
12-18: 15:04:09:536:1e8 isadb_schedule_kill_oldPolicy_sas: f7f88cc3-593d-4075-894c83ddd62c761e 3
12-18: 15:04:09:551:fec entered kill_old_policy_sas 4
12-18: 15:04:09:551:ec8 entered kill_old_policy_sas 3
12-18: 15:04:10:723:fec SA Dead. sa:0168EAD0 status:35f0
12-18: 15:04:10:723:fec ClearFragList
12-18: 15:04:10:723:fec SA Dead. sa:0168EE38 status:35f0
12-18: 15:04:10:723:fec ClearFragList
12-18: 15:04:15:348:fec QM Deleted. Notify from driver: Src 74.231.xxx.xxx Dest 192.168.1.0 InSPI 3540359839 OutSpi 1576696084 Tunnel c30ad144 TunnelFilter 0
12-18: 15:04:15:348:fec srcEncapPort=62465, dstEncapPort=62465
12-18: 15:04:15:348:fec Could not find the peer list entry
12-18: 15:04:15:348:fec constructing ISAKMP Header
12-18: 15:04:15:348:fec constructing HASH (null)
12-18: 15:04:15:348:fec Construct QM Delete Spi 3540359839
12-18: 15:04:15:348:fec constructing HASH (Notify/Delete)
12-18: 15:04:15:348:fec Not setting retransmit to downlevel client. SA 0168F1A0 Centry 00000000
12-18: 15:04:15:348:fec
12-18: 15:04:15:348:fec Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 1.500
12-18: 15:04:15:348:fec ISAKMP Header: (V1.0), len = 68
12-18: 15:04:15:348:fec I-COOKIE cd347e45f6e50bf3
12-18: 15:04:15:348:fec R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:15:348:fec exchange: ISAKMP Informational Exchange
12-18: 15:04:15:348:fec flags: 1 ( encrypted )
12-18: 15:04:15:348:fec next payload: HASH
12-18: 15:04:15:348:fec message ID: 347cd244
12-18: 15:04:15:348:fec Ports S:f401 D:f401
12-18: 15:04:15:348:fec PrivatePeerAddr 0
12-18: 15:04:15:364:bfc isadb_schedule_kill_oldPolicy_sas: f084ecf2-c745-4ea4-8d9d98bbfd8b8bc8 2
12-18: 15:04:15:364:1e8 isadb_schedule_kill_oldPolicy_sas: 14d7ad01-7437-4cba-ba5277c9cd68fb76 1
12-18: 15:04:15:379:ec8 entered kill_old_policy_sas 1
12-18: 15:04:15:379:fec entered kill_old_policy_sas 2
12-18: 15:04:15:379:fec constructing ISAKMP Header
12-18: 15:04:15:379:fec constructing HASH (null)
12-18: 15:04:15:379:fec Construct QM Delete Spi 3392134866
12-18: 15:04:15:379:fec constructing HASH (Notify/Delete)
12-18: 15:04:15:379:fec Not setting retransmit to downlevel client. SA 0168F1A0 Centry 00000000
12-18: 15:04:15:379:fec
12-18: 15:04:15:379:fec Sending: SA = 0x0168F1A0 to 68.209.xxx.xxx:Type 1.500
12-18: 15:04:15:379:fec ISAKMP Header: (V1.0), len = 68
12-18: 15:04:15:379:fec I-COOKIE cd347e45f6e50bf3
12-18: 15:04:15:379:fec R-COOKIE ba182dd1c1fd9da5
12-18: 15:04:15:379:fec exchange: ISAKMP Informational Exchange
12-18: 15:04:15:379:fec flags: 1 ( encrypted )
12-18: 15:04:15:379:fec next payload: HASH
12-18: 15:04:15:379:fec message ID: c4bed41c
12-18: 15:04:15:379:fec Ports S:f401 D:f401
12-18: 15:04:15:379:fec Expiring SPI 3392134866 src c30ad144 dst c420e74a
12-18: 15:04:15:379:fec Deleting filter from PA
12-18: 15:04:15:379:ec8 QM Deleted. Notify from driver: Src 74.231.xxx.xxx Dest 68.209.xxx.xxx InSPI 3392134866 OutSpi 1576696082 Tunnel c30ad144 TunnelFilter 0
12-18: 15:04:15:379:ec8 srcEncapPort=62465, dstEncapPort=62465
12-18: 15:04:15:379:ec8 Could not find the peer list entry
12-18: 15:04:15:379:ec8 PrivatePeerAddr 0
12-18: 15:04:20:473:228 isadb_schedule_kill_oldPolicy_sas: 42a68f78-231f-479a-9fe703adcaa54a96 4
12-18: 15:04:20:473:1e8 isadb_schedule_kill_oldPolicy_sas: ef627c10-15c2-4fd0-a306cd4b1729d011 3
12-18: 15:04:20:488:ec8 entered kill_old_policy_sas 4
12-18: 15:04:20:488:fec entered kill_old_policy_sas 3
12-18: 15:04:20:504:228 isadb_schedule_kill_oldPolicy_sas: e74ef2e8-c5a8-46ff-b06168ee663b3c3f 4
12-18: 15:04:20:504:1e8 isadb_schedule_kill_oldPolicy_sas: e1d36899-e5e0-44be-bd65cc6614de0d5e 3
12-18: 15:04:20:520:fec entered kill_old_policy_sas 3
12-18: 15:04:20:520:ec8 entered kill_old_policy_sas 4
12-18: 15:04:20:754:548 Acquire from driver: op=0000001F src=74.231.xxx.xxx.0 dst=192.168.1.1.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=68.209.xxx.xxx Inbound TunnelEndpt=74.231.xxx.xxx
12-18: 15:04:20:754:ec8 Filter to match: Src 68.209.xxx.xxx Dst 74.231.xxx.xxx
12-18: 15:04:20:754:ec8 MatchMMFilter failed 13013
12-18: 15:04:20:754:ec8 isadb_set_status sa:0168EE38 centry:00000000 status 32d5
12-18: 15:04:20:754:ec8 Key Exchange Mode (Main Mode)
12-18: 15:04:20:754:ec8 Source IP Address 74.231.xxx.xxx Source IP Address Mask 255.255.255.255 Destination IP Address 68.209.xxx.xxx Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 74.231.xxx.xxx IKE Peer Addr 68.209.xxx.xxx IKE Source Port 500 IKE Destination Port 500 Peer Private Addr
12-18: 15:04:20:754:ec8
12-18: 15:04:20:754:ec8 Me
12-18: 15:04:20:754:ec8 The specified main mode policy was not found.
12-18: 15:04:20:754:ec8 Sent first (SA) payload Initiator. Delta Time 0 0x0 0x0
12-18: 15:04:20:754:ec8 initiator: failed cbad02a5
12-18: 15:04:26:613:bfc isadb_schedule_kill_oldPolicy_sas: f084ecf2-c745-4ea4-8d9d98bbfd8b8bc8 2
12-18: 15:04:26:613:1e8 isadb_schedule_kill_oldPolicy_sas: 11d1eff9-d5ff-478e-ab530fa1056e1e4d 1
12-18: 15:04:26:629:fec entered kill_old_policy_sas 1
12-18: 15:04:26:629:ec8 entered kill_old_policy_sas 2
12-18: 15:04:33:675:fec
12-18: 15:04:33:675:fec Receive: (get) SA = 0x00000000 from 68.209.xxx.xxx.500
12-18: 15:04:33:675:fec ISAKMP Header: (V1.0), len = 148
12-18: 15:04:33:675:fec I-COOKIE b8648f6a2e798ae2
12-18: 15:04:33:675:fec R-COOKIE 0000000000000000
12-18: 15:04:33:675:fec exchange: Oakley Main Mode
12-18: 15:04:33:675:fec flags: 0
12-18: 15:04:33:675:fec next payload: SA
12-18: 15:04:33:675:fec message ID: 00000000
12-18: 15:04:33:675:fec Filter to match: Src 68.209.xxx.xxx Dst 74.231.xxx.xxx
12-18: 15:04:33:675:fec MatchMMFilter failed 13013
12-18: 15:04:33:675:fec Responding with new SA 0
12-18: 15:04:33:675:fec HandleFirstPacketResponder failed 3601

< Message edited by Kevdg -- 18.Dec.2008 3:21:38 PM >

(in reply to justmee)
Post #: 51

Page:   <<   < prev  1 2 [3] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> VPN >> RE: Discussion for article on Site to Site ISA to DLink VPN Page: <<   < prev  1 2 [3]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts