R1#
R1#
R1#ping 192.168.20.1 source 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
*Aug 8 20:20:40.323: ISAKMP:(0): SA request profile is (NULL)
*Aug 8 20:20:40.323: ISAKMP: Created a peer struct for 202.102.1.2, peer port 500
*Aug 8 20:20:40.323: ISAKMP: New peer created peer = 0x6637AAAC peer_handle = 0x80000003
*Aug 8 20:20:40.323: ISAKMP: Locking peer struct 0x6637AAAC, refcount 1 for isakmp_initiator
*Aug 8 20:20:40.323: ISAKMP: local port 500, remote port 500
*Aug 8 20:20:40.323: ISAKMP: set new node 0 to QM_IDLE
*Aug 8 20:20:40.323: insert sa successfully sa = 65D3B7A8
*Aug 8 20:20:40.323: ISAKMP:(0): Can not start Aggressive mode, trying Main mode.
*Aug 8 20:20:40.323: ISAKMP:(0): found peer pre-shared key matching 202.102.1.2
*Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Aug 8 20:20:40.323: ISAKMP:(0): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Aug 8 20:20:40.323: ISAKMP:(0): Old State = IKE_READY New State = IKE_I_MM1
*Aug 8 20:20:40.323: ISAKMP:(0): beginning Main Mode exchange
*Aug 8 20:20:40.323: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer_port 500 (I) MM_NO_STATE <!-- the first packet is sent -->
*Aug 8 20:20:40.351: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 sport 500 Global (I) MM_NO_STATE <!-- the second packet is received -->
<!-- Initial state -->
*Aug 8 20:20:40.355: ISAKMP:(0): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Aug 8 20:20:40.355: ISAKMP:(0): Old State = IKE_I_MM1 New State = IKE_I_MM2
*Aug 8 20:20:40.355: ISAKMP:(0): processing SA payload. message ID = 0
*Aug 8 20:20:40.355: ISAKMP:(0): processing vendor id payload
*Aug 8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
*Aug 8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7
*Aug 8 20:20:40.355: ISAKMP:(0): found peer pre-shared key matching 202.102.1.2
*Aug 8 20:20:40.355: ISAKMP:(0): local preshared key found
*Aug 8 20:20:40.355: ISAKMP: Scanning profiles for xauth...
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 28/46/72 ms
R1#
*Aug 8 20:20:40.355: ISAKMP:(0): Checking ISAKMP transform 1 against priority 100 policy
*Aug 8 20:20:40.355: ISAKMP: encryption DES-CBC
*Aug 8 20:20:40.355: ISAKMP: hash SHA
*Aug 8 20:20:40.355: ISAKMP: default group 1
*Aug 8 20:20:40.355: ISAKMP: auth pre-share
*Aug 8 20:20:40.355: ISAKMP: life type in seconds
*Aug 8 20:20:40.355: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Aug 8 20:20:40.355: ISAKMP:(0): atts are acceptable. Next payload is 0 <!-- both parties agree -->
<!-- Phase 1: policy negotiation. If the router keeps retransmitting at this point, the policy does not match. -->
*Aug 8 20:20:40.355: ISAKMP:(0): processing vendor id payload
*Aug 8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
*Aug 8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7
*Aug 8 20:20:40.355: ISAKMP:(0): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Aug 8 20:20:40.355: ISAKMP:(0): Old State = IKE_I_MM2 New State = IKE_I_MM2
*Aug 8 20:20:40.355: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer_port 500 (I) MM_SA_SETUP
R1#
*Aug 8 20:20:40.355: ISAKMP:(0): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Aug 8 20:20:40.355: ISAKMP:(0): Old State = IKE_I_MM2 New State = IKE_I_MM3
<!-- One packet sent -->
*Aug 8 20:20:40.403: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 sport 500 Global (I) MM_SA_SETUP
*Aug 8 20:20:40.407: ISAKMP:(0): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Aug 8 20:20:40.411: ISAKMP:(0): Old State = IKE_I_MM3 New State = IKE_I_MM4
<!-- One packet received -->
*Aug 8 20:20:40.419: ISAKMP:(0): processing KE payload. message ID = 0 <!-- public value -->
*Aug 8 20:20:40.423: ISAKMP:(0): processing NONCE payload. message ID = 0 <!-- random number -->
*Aug 8 20:20:40.423: ISAKMP:(0): found peer pre-shared key matching 202.102.1.2
<!-- Generate a random number for verification -->
*Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload
*Aug 8 20:20:40.423: ISAKMP:(1002): vendor ID is Unity
*Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload
*Aug 8 20:20:40.423: ISAKMP:(1002): vendor ID is DPD
*Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload
*Aug 8 20:20:40.423: ISAKMP:(1002): speaking to another IOS box!
R1#
*Aug 8 20:20:40.423: ISAKMP:(1002): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Aug 8 20:20:40.423: ISAKMP:(1002): Old State = IKE_I_MM4 New State = IKE_I_MM4
*Aug 8 20:20:40.423: ISAKMP:(1002): Send initial contact
*Aug 8 20:20:40.423: ISAKMP:(1002): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Aug 8 20:20:40.423: ISAKMP (): ID payload
        Next-payload: 8
        Type: 1
        Address: 202.102.1.1
        Protocol: 17
        Port: 500
        Length: 12
*Aug 8 20:20:40.423: ISAKMP:(1002): Total payload length: 12
*Aug 8 20:20:40.423: ISAKMP:(1002): sending packet to 202.102.1.2 my_port 500 peer_port 500 (I) MM_KEY_EXCH <!-- fifth packet -->
*Aug 8 20:20:40.423: ISAKMP:(1002): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Aug 8 20:20:40.423: ISAKMP:(1002): Old State = IKE_I_MM4 New State = IKE_I_MM5
*Aug 8 20:20:40.463: ISAKMP (): received packet from 202.102.1.2 dport 500 sport 500 Global (I) MM_KEY_EXCH <!-- sixth packet -->
R1#
*Aug 8 20:20:40.467: ISAKMP:(1002): processing ID payload. message ID = 0
*Aug 8 20:20:40.467: ISAKMP (): ID payload
        Next-payload: 8
        Type: 1
        Address: 202.102.1.2
        Protocol: 17
        Port: 500
        Length: 12
*Aug 8 20:20:40.467: ISAKMP:(0): peer matches *none* of the profiles
*Aug 8 20:20:40.467: ISAKMP:(1002): processing HASH payload. message ID = 0
*Aug 8 20:20:40.467: ISAKMP:(1002): SA authentication status:
        Authenticated
<!-- Identity authentication -->
*Aug 8 20:20:40.467: ISAKMP:(1002): SA has been authenticated with 202.102.1.2 <!-- final result: authentication succeeded, so phase 1 is successful -->
*Aug 8 20:20:40.467: ISAKMP: Trying to insert a peer 202.102.1.1/202.102.1.2/500/, and inserted successfully 6637AAAC.
*Aug 8 20:20:40.467: ISAKMP:(1002): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Aug 8 20:20:40.467: ISAKMP:(1002): Old State = IKE_I_MM5 New State = IKE_I_MM6
*Aug 8 20:20:40.467: ISAKMP:(1002): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Aug 8 20:20:40.467: ISAKMP:(1002): Old State = IKE_I_MM6 New State = IKE_I_MM6
R1#
*Aug 8 20:20:40.467: ISAKMP:(1002): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Aug 8 20:20:40.467: ISAKMP:(1002): Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
<!-- Phase 2 parameter negotiation -->
*Aug 8 20:20:40.467: ISAKMP:(1002): beginning Quick Mode exchange, M-ID of 1093559871
*Aug 8 20:20:40.467: ISAKMP:(1002): QM Initiator gets spi
*Aug 8 20:20:40.467: ISAKMP:(1002): sending packet to 202.102.1.2 my_port 500 peer_port 500 (I) QM_IDLE <!-- the first packet of phase 2 is sent; QM stands for Quick Mode -->
*Aug 8 20:20:40.467: ISAKMP:(1002): Node 1093559871, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Aug 8 20:20:40.467: ISAKMP:(1002): Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Aug 8 20:20:40.467: ISAKMP:(1002): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Aug 8 20:20:40.467: ISAKMP:(1002): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Aug 8 20:20:40.511: ISAKMP (): received packet from 202.102.1.2 dport 500 sport 500 Global (I) QM_IDLE <!-- the response from the other party is received -->
*Aug 8 20:20:40.519: ISAKMP:(1002): processing HASH payload. message ID = 1093559871
R1#
*Aug 8 20:20:40.519: ISAKMP:(1002): processing SA payload. message ID = 1093559871
*Aug 8 20:20:40.523: ISAKMP:(1002): Checking IPSec proposal 1
*Aug 8 20:20:40.523: ISAKMP: transform 1, ESP_DES
*Aug 8 20:20:40.527: ISAKMP: attributes in transform:
*Aug 8 20:20:40.527: ISAKMP: encaps is 1 (Tunnel)
*Aug 8 20:20:40.531: ISAKMP: SA life type in seconds
*Aug 8 20:20:40.531: ISAKMP: SA life duration (basic) of 3600
*Aug 8 20:20:40.531: ISAKMP: SA life type in kilobytes
*Aug 8 20:20:40.535: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Aug 8 20:20:40.539: ISAKMP:(1002): atts are acceptable. <!-- the phase 2 result is accepted by both parties -->
*Aug 8 20:20:40.543: ISAKMP:(1002): processing NONCE payload. message ID = 1093559871
*Aug 8 20:20:40.547: ISAKMP:(1002): processing ID payload. message ID = 1093559871
*Aug 8 20:20:40.551: ISAKMP:(1002): processing ID payload. message ID = 1093559871
*Aug 8 20:20:40.551: ISAKMP:(1002): Creating IPSec SAs
R1#
*Aug 8 20:20:40.551: inbound SA from 202.102.1.2 to 202.102.1.1 (f/I) 0/0
        (Proxy 192.168.20.0 to 192.168.10.0)
*Aug 8 20:20:40.551: has spi 0x866A05BA and conn_id 0 <!-- the SPI is the final negotiation result of both parties -->
*Aug 8 20:20:40.551: lifetime of 3600 seconds
*Aug 8 20:20:40.551: lifetime of 4608000 kilobytes
*Aug 8 20:20:40.551: outbound SA from 202.102.1.1 to 202.102.1.2 (f/I) 0/0
        (Proxy 192.168.10.0 to 192.168.20.0)
*Aug 8 20:20:40.551: has spi 0x2E48CED3 and conn_id 0
*Aug 8 20:20:40.551: lifetime of 3600 seconds
*Aug 8 20:20:40.551: lifetime of 4608000 kilobytes
*Aug 8 20:20:40.551: ISAKMP:(1002): sending packet to 202.102.1.2 my_port 500 peer_port 500 (I) QM_IDLE
*Aug 8 20:20:40.551: ISAKMP:(1002): deleting node 1093559871 error FALSE reason "No Error"
*Aug 8 20:20:40.551: ISAKMP:(1002): Node 1093559871, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Aug 8 20:20:40.551: ISAKMP:(1002): Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
<!-- Create the data connection SA -->
R1#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
202.102.1.2     202.102.1.1     QM_IDLE           1002    0 ACTIVE
IPv6 Crypto ISAKMP SA
R1#
*Aug 8 20:21:30.551: ISAKMP:(1002): purging node 1093559871
R1#
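
Added example (not part of the original post): a small Python helper that reads the "Old State = ... New State = ..." lines of a debug trace like the one above and reports how far the initiator got, which turns the note about repeated retransmission during policy negotiation into a check. The stage names follow the annotations in the trace; the sample logs are constructed, and the wording of the retransmit message is an assumption.

```python
import re

STATE_RE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
# Main Mode initiator states mapped to the stages annotated in the trace.
STAGE = {"IKE_I_MM1": "policy negotiation", "IKE_I_MM2": "policy negotiation",
         "IKE_I_MM3": "key exchange", "IKE_I_MM4": "key exchange",
         "IKE_I_MM5": "identity authentication",
         "IKE_I_MM6": "identity authentication"}

def transitions(log):
    """Return (old, new) state pairs in order, skipping self-transitions."""
    pairs = []
    for line in log.splitlines():
        # Tolerate extraction damage such as "IKE_ I _MM1".
        m = STATE_RE.search(re.sub(r"\s*_\s*", "_", line))
        if m and m.group(1) != m.group(2):
            pairs.append(m.groups())
    return pairs

def diagnose(log):
    """Summarise how far the initiator's negotiation got."""
    states = [new for _, new in transitions(log)]
    report = {"phase1": "IKE_P1_COMPLETE" in states,
              "phase2": "IKE_QM_PHASE2_COMPLETE" in states,
              "retransmits": len(re.findall(r"retransmitting phase 1", log)),
              "stalled_in": None}
    if not report["phase1"]:
        last = next((s for s in reversed(states) if s in STAGE), None)
        report["stalled_in"] = STAGE.get(last)
    elif not report["phase2"]:
        report["stalled_in"] = "quick mode"
    return report

# Constructed samples in the format of the trace (state lines only).
PREFIX = "*Aug 8 20:20:40.467: ISAKMP:(1002): "
CHAIN = ["IKE_READY", "IKE_I_MM1", "IKE_I_MM2", "IKE_I_MM3", "IKE_I_MM4",
         "IKE_I_MM5", "IKE_I_MM6", "IKE_P1_COMPLETE"]
GOOD = "\n".join(
    [f"{PREFIX}Old State = {a}  New State = {b}" for a, b in zip(CHAIN, CHAIN[1:])]
    + [f"{PREFIX}Old State = IKE_QM_READY  New State = IKE_QM_I_QM1",
       f"{PREFIX}Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE"])
# Wording of the retransmit message is an assumption; adjust to your IOS output.
STUCK = "\n".join(
    ["*Aug 8 20:20:40.323: ISAKMP:(0): Old State = IKE_READY  New State = IKE_I_MM1"]
    + ["*Aug 8 20:20:50.323: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE..."] * 2)

if __name__ == "__main__":
    print(diagnose(GOOD))
    print(diagnose(STUCK))
```

A trace that never leaves IKE_I_MM1 or IKE_I_MM2 and keeps retransmitting is the policy-mismatch case the annotation describes.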
This article is from the blog "shangshanruoshui Weijia Hai".