debug cr Router#debug cry Router#debug crypto ip   % Incomplete command. Router#debug crypto    ips Router#debug crypto ipsec Crypto IPSEC debugging is on Router#debug crypto ipsec      sa Router#debug crypto isakmp Crypto ISAKMP debugging is on Router#ping 192.16 *Mar 3 02:11:30.340: ISAKMP (0:116): purging SA., sa=82F25044, delme=82F25044 *Mar 3 02:11:30.761: ISAKMP (0:120): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:30.761: ISAKMP (0:120): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:11:30.761: ISAKMP (0:120): retransmitting due to retransmit phase 2 *Mar 3 02:11:30.765: ISAKMP (0:120): retransmitting phase 2 QM_IDLE -1661623687 ... *Mar 3 02:11:31.258: ISAKMP (0:120): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:31.258: ISAKMP: set new node 1600745458 to QM_IDLE *Mar 3 02:11:31.262: ISAKMP (0:120): processing HASH payload. message ID = 1600745458 *Mar 3 02:11:31.262: ISAKMP (0:120): processing SA payload. message ID = 1600745458 *Mar 3 02:11:31.266: ISAKMP (0:120): Checking IPSec proposal 0 *Mar 3 02:11:31.266: ISAKMP: transform 0, ESP_DES *Mar 3 02:11:31.266: ISAKMP: attributes in transfo Router#ping 19rm: *Mar 3 02:11:31.266: ISAKMP: encaps is 1 *Mar 3 02:11:31.266: ISAKMP: SA life type in seconds *Mar 3 02:11:31.266: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:11:31.266: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:11:31.266: ISAKMP (0:120): atts are acceptable. *Mar 3 02:11:31.270: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:11:31.270: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:11:31.274: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:11:31.274: ISAKMP (0:120): IPSec policy invalidated proposal *Mar 3 02:11:31.274: ISAKMP (0:120): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:11:31.274: ISAKMP: set new node -809583201 to QM_IDLE *Mar 3 02:11:31.278: ISAKMP (0:120): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:11:31.278: ISAKMP (0:120): purging node -809583201 *Mar 3 02:11:31.282: ISAKMP (0:120): Node 1600745458, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:11:31.282: ISAKMP (0:120): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:11:31.282: ISAKMP (0:120): retransmitting phase 2 QM_IDLE -1661623687 ... *Mar 3 02:11:31.282: ISAKMP (0:120): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:31.282: ISAKMP (0:120): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:31.282: ISAKMP (0:120): no outgoing phase 2 packet to retransmit. -1661623687 QM_IDLE *Mar 3 02:11:33.730: ISAKMP (0:120): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:33.734: ISAKMP: set new node 1559610025 to QM_IDLE *Mar 3 02:11:33.734: ISAKMP (0:120): processing HASH payload. message ID = 1559610025 *Mar 3 02:11:33.738: ISAKMP (0:120): processing DELETE payload. message ID = 1559610025 *Mar 3 02:11:33.738: ISAKMP (0:120): peer does not do paranoid keepalives. *Mar 3 02:11:33.738: ISAKMP (0:120): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:11:33.738: ISAKMP (0:120): deleting node 1559610025 error FALSE reason "informational (in) state 1" *Mar 3 02:11:33.738: ISAKMP (0:120): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE *Mar 3 02:11:33.738: ISAKMP (0:120): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:11:33.742: ISAKMP (0:120): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 3 02:11:33.742: ISAKMP (0:120): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 3 02:11:33.742: ISAKMP (0:120): deleting SA reason "" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:11:33.746: ISAKMP (0:120): deleting node -1661623687 error FALSE reason "" *Mar 3 02:11:33.746: ISAKMP (0:120): deleting node 1600745458 error FALSE reason "" *Mar 3 02:11:33.746: ISAKMP (0:120): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:33.746: ISAKMP (0:120): Old State = IKE_DEST_SA New State = IKE_DEST_SA *Mar 3 02:11:34.920: ISAKMP (0:120): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE2.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: *Mar 3 02:11:36.186: ISAKMP (0:117): purging node 8503907 *Mar 3 02:11:36.190: ISAKMP (0:117): purging node 1216783669 *Mar 3 02:11:36.190: ISAKMP (0:117): purging node 66416299 *Mar 3 02:11:37.207: ISAKMP (0:0): received packet from 192.168.8.223 dport 500 sport 500 Global (N) NEW SA *Mar 3 02:11:37.207: ISAKMP: local port 500, remote port 500 *Mar 3 02:11:37.211: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 82F25044 *Mar 3 02:11:37.211: ISAKMP (0:121): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:37.211: ISAKMP (0:121): Old State = IKE_READY New State = IKE_R_MM1 *Mar 3 02:11:37.215: ISAKMP (0:121): processing SA payload. message ID = 0 *Mar 3 02:11:37.215: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.215: ISAKMP (0:121): vendor ID is DPD *Mar 3 02:11:37.215: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.215: ISAKMP (0:121): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:11:37.215: ISAKMP (0.:121): processing vendor id payload *Mar 3 02:11:37.215: ISAKMP (0:121): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:11:37.219: ISAKMP (0:121): vendor ID is NAT-T v3 *Mar 3 02:11:37.219: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.219: ISAKMP (0:121): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:11:37.219: ISAKMP (0:121): vendor ID is NAT-T v2 *Mar 3 02:11:37.219: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.219: ISAKMP (0:121): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:11:37.219: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.223: ISAKMP (0:121): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:11:37.223: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:11:37.223: ISAKMP (0:121): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:11:37.223: ISAKMP (0:121) local preshared key found *Mar 3 02:11:37.223: ISAKMP : Scanning profiles for xauth ... *Mar 3 02:11:37.223: ISAKMP (0:121): Checking ISAKMP transform 0 against priority 1 policy *Mar 3 02:11:37.223: ISAKMP: life type in seconds *Mar 3 02:11:37.223: ISAKMP: life duration (basic) of 28800 *Mar 3 02:11:37.227: ISAKMP: encryption DES-CBC *Mar 3 02:11:37.227: ISAKMP: hash MD5 *Mar 3 02:11:37.227: ISAKMP: auth pre-share *Mar 3 02:11:37.227: ISAKMP: default group 1 *Mar 3 02:11:37.227: ISAKMP (0:121): atts are acceptable. Next payload is 3 *Mar 3 02:11:37.396: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.396: ISAKMP (0:121): vendor ID is DPD *Mar 3 02:11:37.396: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.400: ISAKMP (0:121): ven.dor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:11:37.400: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.400: ISAKMP (0:121): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:11:37.400: ISAKMP (0:121): vendor ID is NAT-T v3 *Mar 3 02:11:37.400: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.400: ISAKMP (0:121): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:11:37.404: ISAKMP (0:121): vendor ID is NAT-T v2 *Mar 3 02:11:37.404: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.404: ISAKMP (0:121): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:11:37.404: ISAKMP (0:121): processing vendor id payload *Mar 3 02:11:37.404: ISAKMP (0:121): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:11:37.408: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:11:37.408: ISAKMP (0:121): Old State = IKE_R_MM1 New State = IKE_R_MM1 *Mar 3 02:11:37.412: ISAKMP (0:121): constructed NAT-T vendor-03 ID *Mar 3 02:11:37.412: ISAKMP (0:121): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_SA_SETUP *Mar 3 02:11:37.416: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:11:37.416: ISAKMP (0:121): Old State = IKE_R_MM1 New State = IKE_R_MM2 *Mar 3 02:11:37.444: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_SA_SETUP *Mar 3 02:11:37.448: ISAKMP (0:121): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:37.448: ISAKMP (0:121): Old State = IKE_R_MM2 New State = IKE_R_MM3 *Mar 3 02:11:37.448: ISAKMP (0:121): processing KE payload. message ID = 0 *Mar 3 02:11:37.652: ISAKMP (0:121): processing NONCE payload. message ID .= 0 *Mar 3 02:11:37.656: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:11:37.656: ISAKMP (0:121): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:11:37.660: ISAKMP (0:121): SKEYID state generated *Mar 3 02:11:37.660: ISAKMP:received payload type 17 *Mar 3 02:11:37.660: ISAKMP (0:121): Detected NAT-D payload *Mar 3 02:11:37.660: ISAKMP (0:121): NAT match MINE hash *Mar 3 02:11:37.660: ISAKMP:received payload type 17 *Mar 3 02:11:37.660: ISAKMP (0:121): Detected NAT-D payload *Mar 3 02:11:37.660: ISAKMP (0:121): NAT match HIS hash *Mar 3 02:11:37.664: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:11:37.664: ISAKMP (0:121): Old State = IKE_R_MM3 New State = IKE_R_MM3 *Mar 3 02:11:37.664: ISAKMP (0:121): constructed HIS NAT-D *Mar 3 02:11:37.668: ISAKMP (0:121): constructed MINE NAT-D *Mar 3 02:11:37.668: ISAKMP (0:121): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:11:37.668: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:11:37.668: ISAKMP (0:121): Old State = IKE_R_MM3 New State = IKE_R_MM4 *Mar 3 02:11:37.712: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_KEY_EXCH *Mar 3 02:11:37.712: ISAKMP (0:121): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:37.716: ISAKMP (0:121): Old State = IKE_R_MM4 New State = IKE_R_MM5 *Mar 3 02:11:37.716: ISAKMP (0:121): processing ID payload. message ID = 0 *Mar 3 02:11:37.716: ISAKMP (0:121): peer matches *none* of the profiles *Mar 3 02:11:37.716: ISAKMP (0:121): processing HASH payload. message ID = 0 *Mar 3 02:11:37.720: ISAKMP (0:121): processing NOTIFY I.NITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 82F25044 *Mar 3 02:11:37.720: ISAKMP (0:121): Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.8.254 remote 192.168.8.223 remote port 500 *Mar 3 02:11:37.720: ISAKMP (0:121): SA has been authenticated with 192.168.8.223 *Mar 3 02:11:37.724: ISAKMP (0:121): peer matches *none* of the profiles *Mar 3 02:11:37.724: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:11:37.724: ISAKMP (0:121): Old State = IKE_R_MM5 New State = IKE_R_MM5 *Mar 3 02:11:37.724: IPSEC(key_engine): got a queue event... *Mar 3 02:11:37.728: ISAKMP (0:121): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Mar 3 02:11:37.728: ISAKMP (121): ID payload next-payload : 8 type : 1 addr : 192.168.8.254 protocol : 17 port : 500 length : 8 *Mar 3 02:11:37.728: ISAKMP (121): Total payload length: 12 *Mar 3 02:11:37.732: ISAKMP (0:121): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:11:37.732: ISAKMP: set new node -769584358 to QM_IDLE *Mar 3 02:11:37.736: ISAKMP (0:121): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:11:37.736: ISAKMP (0:121): purging node -769584358 *Mar 3 02:11:37.740: ISAKMP: Sending phase 1 responder lifetime 3600 *Mar 3 02:11:37.740: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:11:37.740: ISAKMP (0:121): Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Mar 3 02:11:37.744: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 3 02:11:37.744: ISAKMP (0:121): Old State = IKE_P1_COMPLETE New State = IKE_. Success rate is 0 percent (0/5) Router#P1_COMPLETE *Mar 3 02:11:37.744: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:37.744: ISAKMP: set new node -2043870740 to QM_IDLE *Mar 3 02:11:37.748: ISAKMP (0:121): processing HASH payload. message ID = -2043870740 *Mar 3 02:11:37.748: ISAKMP (0:121): processing SA payload. message ID = -2043870740 *Mar 3 02:11:37.752: ISAKMP (0:121): Checking IPSec proposal 0 *Mar 3 02:11:37.752: ISAKMP: transform 0, ESP_DES *Mar 3 02:11:37.752: ISAKMP: attributes in transform: *Mar 3 02:11:37.752: ISAKMP: encaps is 1 *Mar 3 02:11:37.752: ISAKMP: SA life type in seconds *Mar 3 02:11:37.752: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:11:37.752: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:11:37.752: ISAKMP (0:121): atts are acceptable. *Mar 3 02:11:37.756: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:11:37.756: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:11:37.760: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:11:37.760: ISAKMP (0:121): IPSec policy invalidated proposal *Mar 3 02:11:37.760: ISAKMP (0:121): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:11:37.760: ISAKMP: set new node -977668274 to QM_IDLE *Mar 3 02:11:37.764: ISAKMP (0:121): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:11:37.764: ISAKMP (0:121): purging node -977668274 *Mar 3 02:11:37.768: ISAKMP (0:121): Node -2043870740, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:11:37.768: ISAKMP (0:121): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:11:40.741: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:40.741: ISAKMP (0:121): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:11:40.745: ISAKMP (0:121): retransmitting due to retransmit phase 2 *Mar 3 02:11:40.745: ISAKMP (0:121): retransmitting phase 2 QM_IDLE -2043870740 ... *Mar 3 02:11:40.745: ISAKMP (0:120): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:11:41.246: ISAKMP (0:121): retransmitting phase 2 QM_IDLE -2043870740 ... *Mar 3 02:11:41.246: ISAKMP (0:121): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:41.246: ISAKMP (0:121): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:41.246: ISAKMP (0:121): no outgoing phase 2 packet to retransmit. -2043870740 QM_IDLE *Mar 3 02:11:46.190: ISAKMP (0:117): purging SA., sa=82F291C4, delme=82F291C4 *Mar 3 02:11:46.623: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:46.623: ISAKMP (0:121): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:11:46.623: ISAKMP (0:121): retransmitting due to retransmit phase 2 *Mar 3 02:11:46.623: ISAKMP (0:121): retransmitting phase 2 QM_IDLE -2043870740 ... *Mar 3 02:11:47.120: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:47.120: ISAKMP: set new node 815122530 to QM_IDLE *Mar 3 02:11:47.124: ISAKMP (0:121): processing HASH payload. message ID = 815122530 *Mar 3 02:11:47.124: ISAKMP (0:121): processing SA payload. message ID = 815122530 *Mar 3 02:11:47.124: ISAKMP (0:121): Checking IPSec proposal 0 *Mar 3 02:11:47.128: ISAKMP: transform 0, ESP_DES *Mar 3 02:11:47.128: ISAKMP: attributes in transform: *Mar 3 02:11:47.128: ISAKMP: encaps is 1 *Mar 3 02:11:47.128: ISAKMP: SA life type in seconds *Mar 3 02:11:47.128: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:11:47.128: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:11:47.128: ISAKMP (0:121): atts are acceptable. *Mar 3 02:11:47.132: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:11:47.132: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:11:47.132: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:11:47.136: ISAKMP (0:121): IPSec policy invalidated proposal *Mar 3 02:11:47.136: ISAKMP (0:121): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:11:47.136: ISAKMP: set new node -692858997 to QM_IDLE *Mar 3 02:11:47.140: ISAKMP (0:121): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:11:47.140: ISAKMP (0:121): purging node -69285 Router#8997 *Mar 3 02:11:47.140: ISAKMP (0:121): Node 815122530, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:11:47.140: ISAKMP (0:121): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:11:47.144: ISAKMP (0:121): retransmitting phase 2 QM_IDLE -2043870740 ... *Mar 3 02:11:47.144: ISAKMP (0:121): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:47.144: ISAKMP (0:121): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:47.144: ISAKMP (0:121): no outgoing phase 2 packet to retransmit. -2043870740 QM_IDLE *Mar 3 02:11:49.592: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:49.592: ISAKMP: set new node 757144602 to QM_IDLE *Mar 3 02:11:49.596: ISAKMP (0:121): processing HASH payload. message ID = 757144602 *Mar 3 02:11:49.596: ISAKMP (0:121): processing DELETE payload. message ID = 757144602 *Mar 3 02:11:49.596: ISAKMP (0:121): peer does not do paranoid keepal Router#ives. *Mar 3 02:11:49.596: ISAKMP (0:121): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:11:49.600: ISAKMP (0:121): deleting node 757144602 error FALSE reason "informational (in) state 1" *Mar 3 02:11:49.600: ISAKMP (0:121): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE *Mar 3 02:11:49.600: ISAKMP (0:121): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:11:49.604: ISAKMP (0:121): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 3 02:11:49.604: ISAKMP (0:121): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 3 02:11:49.604: ISAKMP (0:121): deleting SA reason "" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:11:49.608: ISAKMP (0:121): deleting node -2043870740 error FALSE reason "" *Mar 3 02:11:49.608: ISAKMP (0:121): deleting node 815122530 error FALSE reason "" *Mar 3 02:11:49.608: ISAKMP (0:121): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:49.608: ISAKMP (0:121): Old State = IKE_DEST_SA New State = IKE_DEST_SA *Mar 3 02:11:50.778: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:11:52.036: ISAKMP (0:118): purging node -928639282 *Mar 3 02:11:52.040: ISAKMP (0:118): purging node 145159581 *Mar 3 02:11:52.040: ISAKMP (0:118): purging node -887438825 *Mar 3 02:11:53.310: ISAKMP (0:0): received packet from 192.168.8.223 dport 500 sport 500 Global (N) NEW SA *Mar 3 02:11:53.314: ISAKMP: local port 500, remote port 500 *Mar 3 02:11:53.318: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 82EADC60 *Mar 3 02:11:53.318: ISAKMP (0:122): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:53.318: ISAKMP (0:122): Old State = IKE_READY New State = IKE_R_MM1 *Mar 3 02:11:53.318: ISAKMP (0:122): processing SA payload. message ID = 0 *Mar 3 02:11:53.318: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.322: ISAKMP (0:122): vendor ID is DPD *Mar 3 02:11:53.322: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.322: ISAKMP (0:122): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:11:53.322: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.322: ISAKMP (0:122): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:11:53.322: ISAKMP (0:122): vendor ID is NAT-T v3 *Mar 3 02:11:53.322: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.326: ISAKMP (0:122): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:11:53.326: ISAKMP (0:122): vendor ID is NAT-T v2 *Mar 3 02:11:53.326: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.326: ISAKMP (0:122): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:11:53.326: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.326: ISAKMP (0:122): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:11:53.330: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:11:53.330: ISAKMP (0:122): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:11:53.330: ISAKMP (0:122) local preshared key found *Mar 3 02:11:53.330: ISAKMP : Scanning profiles for xauth ... *Mar 3 02:11:53.330: ISAKMP (0:122): Checking ISAKMP transform 0 against priority 1 policy *Mar 3 02:11:53.330: ISAKMP: life type in seconds *Mar 3 02:11:53.330: ISAKMP: life duration (basic) of 28800 *Mar 3 02:11:53.330: ISAKMP: encryption DES-CBC *Mar 3 02:11:53.330: ISAKMP: hash MD5 *Mar 3 02:11:53.334: ISAKMP: auth pre-share *Mar 3 02:11:53.334: ISAKMP: default group 1 *Mar 3 02:11:53.334: ISAKMP (0:122): atts are acceptable. Next payload is 3 *Mar 3 02:11:53.502: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.502: ISAKMP (0:122): vendor ID is DPD *Mar 3 02:11:53.506: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.506: ISAKMP (0:122): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:11:53.506: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.506: ISAKMP (0:122): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:11:53.506: ISAKMP (0:122): vendor ID is NAT-T v3 *Mar 3 02:11:53.506: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.506: ISAKMP (0:122): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:11:53.510: ISAKMP (0:122): vendor ID is NAT-T v2 *Mar 3 02:11:53.510: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.510: ISAKMP (0:122): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:11:53.510: ISAKMP (0:122): processing vendor id payload *Mar 3 02:11:53.510: ISAKMP (0:122): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:11:53.514: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:11:53.514: ISAKMP (0:122): Old State = IKE_R_MM1 New State = IKE_R_MM1 *Mar 3 02:11:53.514: ISAKMP (0:122): constructed NAT-T vendor-03 ID *Mar 3 02:11:53.518: ISAKMP (0:122): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_SA_SETUP *Mar 3 02:11:53.518: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:11:53.518: ISAKMP (0:122): Old State = IKE_R_MM1 New State = IKE_R_MM2 *Mar 3 02:11:53.546: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_SA_SETUP *Mar 3 02:11:53.550: ISAKMP (0:122): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:53.550: ISAKMP (0:122): Old State = IKE_R_MM2 New State = IKE_R_MM3 *Mar 3 02:11:53.554: ISAKMP (0:122): processing KE payload. message ID = 0 *Mar 3 02:11:53.759: ISAKMP (0:122): processing NONCE payload. message ID = 0 *Mar 3 02:11:53.759: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:11:53.759: ISAKMP (0:122): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:11:53.763: ISAKMP (0:122): SKEYID state generated *Mar 3 02:11:53.763: ISAKMP:received payload type 17 *Mar 3 02:11:53.763: ISAKMP (0:122): Detected NAT-D payload *Mar 3 02:11:53.763: ISAKMP (0:122): NAT match MINE hash *Mar 3 02:11:53.767: ISAKMP:received payload type 17 *Mar 3 02:11:53.767: ISAKMP (0:122): Detected NAT-D payload *Mar 3 02:11:53.767: ISAKMP (0:122): NAT match HIS hash *Mar 3 02:11:53.767: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:11:53.767: ISAKMP (0:122): Old State = IKE_R_MM3 New State = IKE_R_MM3 *Mar 3 02:11:53.783: ISAKMP (0:122): constructed HIS NAT-D *Mar 3 02:11:53.783: ISAKMP (0:122): constructed MINE NAT-D *Mar 3 02:11:53.783: ISAKMP (0:122): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:11:53.783: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:11:53.783: ISAKMP (0:122): Old State = IKE_R_MM3 New State = IKE_R_MM4 *Mar 3 02:11:53.827: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_KEY_EXCH *Mar 3 02:11:53.831: ISAKMP (0:122): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:11:53.831: ISAKMP (0:122): Old State = IKE_R_MM4 New State = IKE_R_MM5 *Mar 3 02:11:53.831: ISAKMP (0:122): processing ID payload. message ID = 0 *Mar 3 02:11:53.831: ISAKMP (0:122): peer matches *none* of the profiles *Mar 3 02:11:53.831: ISAKMP (0:122): processing HASH payload. message ID = 0 *Mar 3 02:11:53.835: ISAKMP (0:122): processing NOTIFY INITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 82EADC60 *Mar 3 02:11:53.835: ISAKMP (0:122): Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.8.254 remote 192.168.8.223 remote port 500 *Mar 3 02:11:53.839: ISAKMP (0:122): SA has been authenticated with 192.168.8.223 *Mar 3 02:11:53.839: ISAKMP (0:122): peer matches *none* of the profiles *Mar 3 02:11:53.839: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:11:53.839: ISAKMP (0:122): Old State = IKE_R_MM5 New State = IKE_R_MM5 *Mar 3 02:11:53.839: IPSEC(key_engine): got a queue event... *Mar 3 02:11:53.843: ISAKMP (0:122): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Mar 3 02:11:53.843: ISAKMP (122): ID payload next-payload : 8 type : 1 addr : 192.168.8.254 protocol : 17 port : 500 length : 8 *Mar 3 02:11:53.843: ISAKMP (122): Total payload length: 12 *Mar 3 02:11:53.847: ISAKMP (0:122): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:11:53.847: ISAKMP: set new node -2101214774 to QM_IDLE *Mar 3 02:11:53.851: ISAKMP (0:122): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:11:53.855: ISAKMP (0:122): purging node -2101214774 *Mar 3 02:11:53.855: ISAKMP: Sending phase 1 responder lifetime 3600 *Mar 3 02:11:53.855: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:11:53.855: ISAKMP (0:122): Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Mar 3 02:11:53.859: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 3 02:11:53.859: ISAKMP (0:122): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:11:53.863: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:53.863: ISAKMP: set new node -661030293 to QM_IDLE *Mar 3 02:11:53.867: ISAKMP (0:122): processing HASH payload. message ID = -661030293 *Mar 3 02:11:53.867: ISAKMP (0:122): processing SA payload. message ID = -661030293 *Mar 3 02:11:53.867: ISAKMP (0:122): Checking IPSec proposal 0 *Mar 3 02:11:53.867: ISAKMP: transform 0, ESP_DES *Mar 3 02:11:53.867: ISAKMP: attributes in transform: *Mar 3 02:11:53.867: ISAKMP: encaps is 1 *Mar 3 02:11:53.871: ISAKMP: SA life type in seconds *Mar 3 02:11:53.871: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:11:53.871: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:11:53.871: ISAKMP (0:122): atts are acceptable. *Mar 3 02:11:53.871: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:11:53.875: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:11:53.875: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:11:53.875: ISAKMP (0:122): IPSec policy invalidated proposal *Mar 3 02:11:53.875: ISAKMP (0:122): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:11:53.879: ISAKMP: set new node -28754723 to QM_IDLE *Mar 3 02:11:53.879: ISAKMP (0:122): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:11:53.883: ISAKMP (0:122): purging node -28754723 *Mar 3 02:11:53.883: ISAKMP (0:122): Node -661030293, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:11:53.883: ISAKMP (0:122): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:11:56.852: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:11:56.852: ISAKMP (0:122): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:11:56.852: ISAKMP (0:122): retransmitting due to retransmit phase 2 *Mar 3 02:11:56.852: ISAKMP (0:122): retransmitting phase 2 QM_IDLE -661030293 ... *Mar 3 02:11:56.852: ISAKMP (0:121): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:11:57.352: ISAKMP (0:122): retransmitting phase 2 QM_IDLE -661030293 ... *Mar 3 02:11:57.352: ISAKMP (0:122): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:57.352: ISAKMP (0:122): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:11:57.352: ISAKMP (0:122): no outgoing phase 2 packet to retransmit. -661030293 QM_IDLE *Mar 3 02:12:02.040: ISAKMP (0:118): purging SA., sa=8257E348, delme=8257E348 *Mar 3 02:12:02.461: ISAKMP (0:122): received packet from Router#192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:02.465: ISAKMP (0:122): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:02.465: ISAKMP (0:122): retransmitting due to retransmit phase 2 *Mar 3 02:12:02.465: ISAKMP (0:122): retransmitting phase 2 QM_IDLE -661030293 ... *Mar 3 02:12:02.958: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:02.962: ISAKMP: set new node -155509040 to QM_IDLE *Mar 3 02:12:02.962: ISAKMP (0:122): processing HASH payload. message ID = -155509040 *Mar 3 02:12:02.966: ISAKMP (0:122): processing SA payload. message ID = -155509040 *Mar 3 02:12:02.966: ISAKMP (0:122): Checking IPSec proposal 0 *Mar 3 02:12:02.966: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:02.966: ISAKMP: attributes in transform: *Mar 3 02:12:02.966: ISAKMP: encaps is 1 *Mar 3 02:12:02.966: ISAKMP: SA life type in seconds *Mar 3 02:12:02.966: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:02.966: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:02.970: ISAKMP (0:122): atts are acceptable. *Mar 3 02:12:02.970: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:02.974: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:02.974: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:02.974: ISAKMP (0:122): IPSec policy invalidated proposal *Mar 3 02:12:02.974: ISAKMP (0:122): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:02.974: ISAKMP: set new node 1468690519 to QM_IDLE *Mar 3 02:12:02.978: ISAKMP (0:122): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:02.978: ISAKMP (0:122): purging node 1468690519 *Mar 3 02:12:02.982: ISAKMP (0:122): Node -155509040, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:02.982: ISAKMP (0:122): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:02.982: ISAKMP (0:122): retransmitting phase 2 QM_IDLE -661030293 ... *Mar 3 02:12:02.982: ISAKMP (0:122): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:02.982: ISAKMP (0:122): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:02.982: ISAKMP (0:122): no outgoing phase 2 packet to retransmit. -661030293 QM_IDLE *Mar 3 02:12:05.434: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:05.434: ISAKMP: set new node -213421432 to QM_IDLE *Mar 3 02:12:05.438: ISAKMP (0:122): processing HASH payload. message ID = -213421432 *Mar 3 02:12:05.438: ISAKMP (0:122): processing DELETE payload. message ID = -213421432 *Mar 3 02:12:05.438: ISAKMP (0:122): peer does not do paranoid keepalives. *Mar 3 02:12:05.438: ISAKMP (0:122): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:05.438: ISAKMP (0:122): deleting node -213421432 error FALSE reason "informational (in) state 1" *Mar 3 02:12:05.438: ISAKMP (0:122): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE *Mar 3 02:12:05.442: ISAKMP (0:122): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:05.442: ISAKMP (0:122): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 3 02:12:05.442: ISAKMP (0:122): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 3 02:12:05.446: ISAKMP (0:122): deleting SA reason "" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:05.446: ISAKMP (0:122): deleting node -661030293 error FALSE reason "" *Mar 3 02:12:05.446: ISAKMP (0:122): deleting node -155509040 error FALSE reason "" *Mar 3 02:12:05.450: ISAKMP (0:122): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:05.450: ISAKMP (0:122): Old State = IKE_DEST_SA New State = IKE_DEST_SA *Mar 3 02:12:06.620: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:12:07.886: ISAKMP (0:119): purging node -1831965636 *Mar 3 02:12:07.890: ISAKMP (0:119): purging node -691057653 *Mar 3 02:12:07.890: ISAKMP (0:119): purging node -1807673212 *Mar 3 02:12:08.899: ISAKMP (0:0): received packet from 192.168.8.223 dport 500 sport 500 Global (N) NEW SA *Mar 3 02:12:08.899: ISAKMP: local port 500, remote port 500 *Mar 3 02:12:08.903: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 82F291C4 *Mar 3 02:12:08.903: ISAKMP (0:123): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:08.903: ISAKMP (0:123): Old State = IKE_READY New State = IKE_R_MM1 *Mar 3 02:12:08.907: ISAKMP (0:123): processing SA payload. message ID = 0 *Mar 3 02:12:08.907: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:08.907: ISAKMP (0:123): vendor ID is DPD *Mar 3 02:12:08.907: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:08.907: ISAKMP (0:123): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:08.911: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:08.911: ISAKMP (0:123): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:08.911: ISAKMP (0:123): vendor ID is NAT-T v3 *Mar 3 02:12:08.911: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:08.911: ISAKMP (0:123): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:08.911: ISAKMP (0:123): vendor ID is NAT-T v2 *Mar 3 02:12:08.911: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:08.911: ISAKMP (0:123): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:08.915: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:08.915: ISAKMP (0:123): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:08.915: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:08.915: ISAKMP (0:123): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:08.915: ISAKMP (0:123) local preshared key found *Mar 3 02:12:08.915: ISAKMP : Scanning profiles for xauth ... *Mar 3 02:12:08.919: ISAKMP (0:123): Checking ISAKMP transform 0 against priority 1 policy *Mar 3 02:12:08.919: ISAKMP: life type in seconds *Mar 3 02:12:08.919: ISAKMP: life duration (basic) of 28800 *Mar 3 02:12:08.919: ISAKMP: encryption DES-CBC *Mar 3 02:12:08.919: ISAKMP: hash MD5 *Mar 3 02:12:08.919: ISAKMP: auth pre-share *Mar 3 02:12:08.919: ISAKMP: default group 1 *Mar 3 02:12:08.919: ISAKMP (0:123): atts are acceptable. Next payload is 3 *Mar 3 02:12:09.088: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:09.088: ISAKMP (0:123): vendor ID is DPD *Mar 3 02:12:09.092: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:09.092: ISAKMP (0:123): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:09.092: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:09.092: ISAKMP (0:123): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:09.092: ISAKMP (0:123): vendor ID is NAT-T v3 *Mar 3 02:12:09.096: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:09.096: ISAKMP (0:123): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:09.096: ISAKMP (0:123): vendor ID is NAT-T v2 *Mar 3 02:12:09.096: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:09.096: ISAKMP (0:123): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:09.096: ISAKMP (0:123): processing vendor id payload *Mar 3 02:12:09.096: ISAKMP (0:123): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:09.100: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:09.100: ISAKMP (0:123): Old State = IKE_R_MM1 New State = IKE_R_MM1 *Mar 3 02:12:09.116: ISAKMP (0:123): constructed NAT-T vendor-03 ID *Mar 3 02:12:09.116: ISAKMP (0:123): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_SA_SETUP *Mar 3 02:12:09.116: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:09.116: ISAKMP (0:123): Old State = IKE_R_MM1 New State = IKE_R_MM2 *Mar 3 02:12:09.148: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_SA_SETUP *Mar 3 02:12:09.148: ISAKMP (0:123): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:09.152: ISAKMP (0:123): Old State = IKE_R_MM2 New State = IKE_R_MM3 *Mar 3 02:12:09.152: ISAKMP (0:123): processing KE payload. message ID = 0 *Mar 3 02:12:09.360: ISAKMP (0:123): processing NONCE payload. message ID = 0 *Mar 3 02:12:09.360: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:09.360: ISAKMP (0:123): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:09.364: ISAKMP (0:123): SKEYID state generated *Mar 3 02:12:09.364: ISAKMP:received payload type 17 *Mar 3 02:12:09.364: ISAKMP (0:123): Detected NAT-D payload *Mar 3 02:12:09.364: ISAKMP (0:123): NAT match MINE hash *Mar 3 02:12:09.364: ISAKMP:received payload type 17 *Mar 3 02:12:09.364: ISAKMP (0:123): Detected NAT-D payload *Mar 3 02:12:09.364: ISAKMP (0:123): NAT match HIS hash *Mar 3 02:12:09.368: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:09.368: ISAKMP (0:123): Old State = IKE_R_MM3 New State = IKE_R_MM3 *Mar 3 02:12:09.372: ISAKMP (0:123): constructed HIS NAT-D *Mar 3 02:12:09.372: ISAKMP (0:123): constructed MINE NAT-D *Mar 3 02:12:09.372: ISAKMP (0:123): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:09.376: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:09.376: ISAKMP (0:123): Old State = IKE_R_MM3 New State = IKE_R_MM4 *Mar 3 02:12:09.420: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_KEY_EXCH *Mar 3 02:12:09.420: ISAKMP (0:123): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:09.420: ISAKMP (0:123): Old State = IKE_R_MM4 New State = IKE_R_MM5 *Mar 3 02:12:09.424: ISAKMP (0:123): processing ID payload. message ID = 0 *Mar 3 02:12:09.424: ISAKMP (0:123): peer matches *none* of the profiles *Mar 3 02:12:09.424: ISAKMP (0:123): processing HASH payload. message ID = 0 *Mar 3 02:12:09.428: ISAKMP (0:123): processing NOTIFY INITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 82F291C4 *Mar 3 02:12:09.428: ISAKMP (0:123): Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.8.254 remote 192.168.8.223 remote port 500 *Mar 3 02:12:09.428: ISAKMP (0:123): SA has been authenticated with 192.168.8.223 *Mar 3 02:12:09.428: ISAKMP (0:123): peer matches *none* of the profiles *Mar 3 02:12:09.432: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:09.432: ISAKMP (0:123): Old State = IKE_R_MM5 New State = IKE_R_MM5 *Mar 3 02:12:09.432: IPSEC(key_engine): got a queue event... *Mar 3 02:12:09.432: ISAKMP (0:123): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Mar 3 02:12:09.432: ISAKMP (123): ID payload next-payload : 8 type : 1 addr : 192.168.8.254 protocol : 17 port : 500 length : 8 *Mar 3 02:12:09.436: ISAKMP (123): Total payload length: 12 *Mar 3 02:12:09.436: ISAKMP (0:123): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:09.440: ISAKMP: set new node 969661802 to QM_IDLE *Mar 3 02:12:09.444: ISAKMP (0:123): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:09.444: ISAKMP (0:123): purging node 969661802 *Mar 3 02:12:09.448: ISAKMP: Sending phase 1 responder lifetime 3600 *Mar 3 02:12:09.448: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:09.448: ISAKMP (0:123): Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Mar 3 02:12:09.452: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 3 02:12:09.452: ISAKMP (0:123): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:09.452: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:09.456: ISAKMP: set new node 528461768 to QM_IDLE *Mar 3 02:12:09.456: ISAKMP (0:123): processing HASH payload. message ID = 528461768 *Mar 3 02:12:09.460: ISAKMP (0:123): processing SA payload. message ID = 528461768 *Mar 3 02:12:09.460: ISAKMP (0:123): Checking IPSec proposal 0 *Mar 3 02:12:09.460: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:09.460: ISAKMP: attributes in transform: *Mar 3 02:12:09.460: ISAKMP: encaps is 1 *Mar 3 02:12:09.460: ISAKMP: SA life type in seconds *Mar 3 02:12:09.460: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:09.460: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:09.464: ISAKMP (0:123): atts are acceptable. *Mar 3 02:12:09.464: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:09.464: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:09.468: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:09.468: ISAKMP (0:123): IPSec policy invalidated proposal *Mar 3 02:12:09.468: ISAKMP (0:123): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:09.468: ISAKMP: set new node 631454518 to QM_IDLE *Mar 3 02:12:09.472: ISAKMP (0:123): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:09.472: ISAKMP (0:123): purging node 631454518 *Mar 3 02:12:09.476: ISAKMP (0:123): Node 528461768, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:09.476: ISAKMP (0:123): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:12.441: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:12.445: ISAKMP (0:123): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:12.445: ISAKMP (0:123): retransmitting due to retransmit phase 2 *Mar 3 02:12:12.445: ISAKMP (0:123): retransmitting phase 2 QM_IDLE 528461768 ... *Mar 3 02:12:12.445: ISAKMP (0:122): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:12:12.946: ISAKMP (0:123): retransmitting phase 2 QM_IDLE 528461768 ... *Mar 3 02:12:12.946: ISAKMP (0:123): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:12.946: ISAKMP (0:123): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:12.946: ISAKMP (0:123): no outgoing phase 2 packet to retransmit. 528461768 QM_IDLE *Mar 3 02:12:17.890: ISAKMP (0:119): purging SA., sa=82EB5D7C, delme=82EB5D7C *Mar 3 02:12:18.323: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:18.323: ISAKMP (0:123): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:18.323: ISAKMP (0:123): retransmitting due to retransmit phase 2 *Mar 3 02:12:18.323: ISAKMP (0:123): retransmitting phase 2 QM_IDLE 528461768 ... *Mar 3 02:12:18.820: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:18.820: ISAKMP: set new node -991660738 to QM_IDLE *Mar 3 02:12:18.824: ISAKMP (0:123): processing HASH payload. message ID = -991660738 *Mar 3 02:12:18.824: ISAKMP (0:123): processing SA payload. message ID = -991660738 *Mar 3 02:12:18.828: ISAKMP (0:123): Checking IPSec proposal 0 *Mar 3 02:12:18.828: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:18.828: ISAKMP: attributes in transform: *Mar 3 02:12:18.828: ISAKMP: encaps is 1 *Mar 3 02:12:18.828: ISAKMP: SA life type in seconds *Mar 3 02:12:18.828: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:18.828: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:18.828: ISAKMP (0:123): atts are acceptable. *Mar 3 02:12:18.832: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:18.832: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:18.836: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:18.836: ISAKMP (0:123): IPSec policy invalidated proposal *Mar 3 02:12:18.836: ISAKMP (0:123): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:18.836: ISAKMP: set new node 1324398623 to QM_IDLE *Mar 3 02:12:18.840: ISAKMP (0:123): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:18.840: ISAKMP (0:123): purging node 1324398623 *Mar 3 02:12:18.840: ISAKMP (0:123): Node -991660738, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:18.844: ISAKMP (0:123): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:18.844: ISAKMP (0:123): retransmitting phase 2 QM_IDLE 528461768 ... *Mar 3 02:12:18.844: ISAKMP (0:123): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:18.844: ISAKMP (0:123): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:18.844: ISAKMP (0:123): no outgoing phase 2 packet to retransmit. 528461768 QM_IDLE *Mar 3 02:12:21.292: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:21.296: ISAKMP: set new node -1049573131 to QM_IDLE *Mar 3 02:12:21.296: ISAKMP (0:123): processing HASH payload. message ID = -1049573131 *Mar 3 02:12:21.296: ISAKMP (0:123): processing DELETE payload. message ID = -1049573131 *Mar 3 02:12:21.300: ISAKMP (0:123): peer does not do paranoid keepalives. *Mar 3 02:12:21.300: ISAKMP (0:123): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:21.300: ISAKMP (0:123): deleting node -1049573131 error FALSE reason "informational (in) state 1" *Mar 3 02:12:21.300: ISAKMP (0:123): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE *Mar 3 02:12:21.300: ISAKMP (0:123): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:21.304: ISAKMP (0:123): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 3 02:12:21.304: ISAKMP (0:123): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 3 02:12:21.308: ISAKMP (0:123): deleting SA reason "" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:21.308: ISAKMP (0:123): deleting node 528461768 error FALSE reason "" *Mar 3 02:12:21.308: ISAKMP (0:123): deleting node -991660738 error FALSE reason "" *Mar 3 02:12:21.308: ISAKMP (0:123): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:21.312: ISAKMP (0:123): Old State = IKE_DEST_SA New State = IKE_DEST_SA *Mar 3 02:12:22.478: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:12:23.740: ISAKMP (0:120): purging node 1559610025 *Mar 3 02:12:23.748: ISAKMP (0:120): purging node -1661623687 *Mar 3 02:12:23.748: ISAKMP (0:120): purging node 1600745458 *Mar 3 02:12:24.761: ISAKMP (0:0): received packet from 192.168.8.223 dport 500 sport 500 Global (N) NEW SA *Mar 3 02:12:24.761: ISAKMP: local port 500, remote port 500 *Mar 3 02:12:24.765: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 82EB5D7C *Mar 3 02:12:24.765: ISAKMP (0:124): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:24.765: ISAKMP (0:124): Old State = IKE_READY New State = IKE_R_MM1 *Mar 3 02:12:24.769: ISAKMP (0:124): processing SA payload. message ID = 0 *Mar 3 02:12:24.769: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.769: ISAKMP (0:124): vendor ID is DPD *Mar 3 02:12:24.769: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.769: ISAKMP (0:124): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:24.769: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.769: ISAKMP (0:124): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:24.773: ISAKMP (0:124): vendor ID is NAT-T v3 *Mar 3 02:12:24.773: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.773: ISAKMP (0:124): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:24.773: ISAKMP (0:124): vendor ID is NAT-T v2 *Mar 3 02:12:24.773: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.773: ISAKMP (0:124): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:24.773: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.777: ISAKMP (0:124): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:24.777: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:24.777: ISAKMP (0:124): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:24.777: ISAKMP (0:124) local preshared key found *Mar 3 02:12:24.777: ISAKMP : Scanning profiles for xauth ... *Mar 3 02:12:24.777: ISAKMP (0:124): Checking ISAKMP transform 0 against priority 1 policy *Mar 3 02:12:24.777: ISAKMP: life type in seconds *Mar 3 02:12:24.777: ISAKMP: life duration (basic) of 28800 *Mar 3 02:12:24.781: ISAKMP: encryption DES-CBC *Mar 3 02:12:24.781: ISAKMP: hash MD5 *Mar 3 02:12:24.781: ISAKMP: auth pre-share *Mar 3 02:12:24.781: ISAKMP: default group 1 *Mar 3 02:12:24.781: ISAKMP (0:124): atts are acceptable. Next payload is 3 *Mar 3 02:12:24.950: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.950: ISAKMP (0:124): vendor ID is DPD *Mar 3 02:12:24.950: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.950: ISAKMP (0:124): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:24.950: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.950: ISAKMP (0:124): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:24.954: ISAKMP (0:124): vendor ID is NAT-T v3 *Mar 3 02:12:24.954: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.954: ISAKMP (0:124): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:24.954: ISAKMP (0:124): vendor ID is NAT-T v2 *Mar 3 02:12:24.954: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.954: ISAKMP (0:124): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:24.958: ISAKMP (0:124): processing vendor id payload *Mar 3 02:12:24.958: ISAKMP (0:124): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:24.958: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:24.958: ISAKMP (0:124): Old State = IKE_R_MM1 New State = IKE_R_MM1 *Mar 3 02:12:24.962: ISAKMP (0:124): constructed NAT-T vendor-03 ID *Mar 3 02:12:24.962: ISAKMP (0:124): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_SA_SETUP *Mar 3 02:12:24.966: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:24.966: ISAKMP (0:124): Old State = IKE_R_MM1 New State = IKE_R_MM2 *Mar 3 02:12:24.994: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_SA_SETUP *Mar 3 02:12:24.998: ISAKMP (0:124): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:24.998: ISAKMP (0:124): Old State = IKE_R_MM2 New State = IKE_R_MM3 *Mar 3 02:12:24.998: ISAKMP (0:124): processing KE payload. message ID = 0 *Mar 3 02:12:25.202: ISAKMP (0:124): processing NONCE payload. message ID = 0 *Mar 3 02:12:25.202: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:25.202: ISAKMP (0:124): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:25.206: ISAKMP (0:124): SKEYID state generated *Mar 3 02:12:25.206: ISAKMP:received payload type 17 *Mar 3 02:12:25.206: ISAKMP (0:124): Detected NAT-D payload *Mar 3 02:12:25.206: ISAKMP (0:124): NAT match MINE hash *Mar 3 02:12:25.206: ISAKMP:received payload type 17 *Mar 3 02:12:25.210: ISAKMP (0:124): Detected NAT-D payload *Mar 3 02:12:25.210: ISAKMP (0:124): NAT match HIS hash *Mar 3 02:12:25.210: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:25.210: ISAKMP (0:124): Old State = IKE_R_MM3 New State = IKE_R_MM3 *Mar 3 02:12:25.214: ISAKMP (0:124): constructed HIS NAT-D *Mar 3 02:12:25.214: ISAKMP (0:124): constructed MINE NAT-D *Mar 3 02:12:25.214: ISAKMP (0:124): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:25.218: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:25.218: ISAKMP (0:124): Old State = IKE_R_MM3 New State = IKE_R_MM4 *Mar 3 02:12:25.270: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_KEY_EXCH *Mar 3 02:12:25.270: ISAKMP (0:124): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:25.274: ISAKMP (0:124): Old State = IKE_R_MM4 New State = IKE_R_MM5 *Mar 3 02:12:25.274: ISAKMP (0:124): processing ID payload. message ID = 0 *Mar 3 02:12:25.274: ISAKMP (0:124): peer matches *none* of the profiles *Mar 3 02:12:25.274: ISAKMP (0:124): processing HASH payload. message ID = 0 *Mar 3 02:12:25.278: ISAKMP (0:124): processing NOTIFY INITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 82EB5D7C *Mar 3 02:12:25.278: ISAKMP (0:124): Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.8.254 remote 192.168.8.223 remote port 500 *Mar 3 02:12:25.278: ISAKMP (0:124): SA has been authenticated with 192.168.8.223 *Mar 3 02:12:25.278: ISAKMP (0:124): peer matches *none* of the profiles *Mar 3 02:12:25.282: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:25.282: ISAKMP (0:124): Old State = IKE_R_MM5 New State = IKE_R_MM5 *Mar 3 02:12:25.282: IPSEC(key_engine): got a queue event... *Mar 3 02:12:25.286: ISAKMP (0:124): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Mar 3 02:12:25.286: ISAKMP (124): ID payload next-payload : 8 type : 1 addr : 192.168.8.254 protocol : 17 port : 500 length : 8 *Mar 3 02:12:25.286: ISAKMP (124): Total payload length: 12 *Mar 3 02:12:25.290: ISAKMP (0:124): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:25.290: ISAKMP: set new node -879061203 to QM_IDLE *Mar 3 02:12:25.294: ISAKMP (0:124): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:25.294: ISAKMP (0:124): purging node -879061203 *Mar 3 02:12:25.294: ISAKMP: Sending phase 1 responder lifetime 3600 *Mar 3 02:12:25.298: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:25.298: ISAKMP (0:124): Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Mar 3 02:12:25.302: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 3 02:12:25.302: ISAKMP (0:124): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:25.302: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:25.306: ISAKMP: set new node -408681677 to QM_IDLE *Mar 3 02:12:25.306: ISAKMP (0:124): processing HASH payload. message ID = -408681677 *Mar 3 02:12:25.310: ISAKMP (0:124): processing SA payload. message ID = -408681677 *Mar 3 02:12:25.310: ISAKMP (0:124): Checking IPSec proposal 0 *Mar 3 02:12:25.310: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:25.310: ISAKMP: attributes in transform: *Mar 3 02:12:25.310: ISAKMP: encaps is 1 *Mar 3 02:12:25.310: ISAKMP: SA life type in seconds *Mar 3 02:12:25.310: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:25.310: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:25.314: ISAKMP (0:124): atts are acceptable. *Mar 3 02:12:25.314: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:25.314: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:25.318: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:25.318: ISAKMP (0:124): IPSec policy invalidated proposal *Mar 3 02:12:25.318: ISAKMP (0:124): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:25.318: ISAKMP: set new node 26485741 to QM_IDLE *Mar 3 02:12:25.322: ISAKMP (0:124): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:25.326: ISAKMP (0:124): purging node 26485741 *Mar 3 02:12:25.326: ISAKMP (0:124): Node -408681677, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:25.326: ISAKMP (0:124): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:28.299: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:28.303: ISAKMP (0:124): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:28.303: ISAKMP (0:124): retransmitting due to retransmit phase 2 *Mar 3 02:12:28.303: ISAKMP (0:124): retransmitting phase 2 QM_IDLE -408681677 ... *Mar 3 02:12:28.303: ISAKMP (0:123): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:12:28.804: ISAKMP (0:124): retransmitting phase 2 QM_IDLE -408681677 ... *Mar 3 02:12:28.804: ISAKMP (0:124): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:28.804: ISAKMP (0:124): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:28.804: ISAKMP (0:124): no outgoing phase 2 packet to retransmit. -408681677 QM_IDLE *Mar 3 02:12:33.748: ISAKMP (0:120): purging SA., sa=82E61FB8, delme=82E61FB8 *Mar 3 02:12:34.165: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:34.165: ISAKMP (0:124): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:34.165: ISAKMP (0:124): retransmitting due to retransmit phase 2 *Mar 3 02:12:34.165: ISAKMP (0:124): retransmitting phase 2 QM_IDLE -408681677 ... *Mar 3 02:12:34.662: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:34.662: ISAKMP: set new node -2012690006 to QM_IDLE *Mar 3 02:12:34.666: ISAKMP (0:124): processing HASH payload. message ID = -2012690006 *Mar 3 02:12:34.666: ISAKMP (0:124): processing SA payload. message ID = -2012690006 *Mar 3 02:12:34.666: ISAKMP (0:124): Checking IPSec proposal 0 *Mar 3 02:12:34.666: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:34.666: ISAKMP: attributes in transform: *Mar 3 02:12:34.666: ISAKMP: encaps is 1 *Mar 3 02:12:34.666: ISAKMP: SA life type in seconds *Mar 3 02:12:34.670: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:34.670: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:34.670: ISAKMP (0:124): atts are acceptable. *Mar 3 02:12:34.670: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:34.674: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:34.674: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:34.674: ISAKMP (0:124): IPSec policy invalidated proposal *Mar 3 02:12:34.674: ISAKMP (0:124): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:34.678: ISAKMP: set new node -1453423816 to QM_IDLE *Mar 3 02:12:34.678: ISAKMP (0:124): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:34.682: ISAKMP (0:124): purging node -1453423816 *Mar 3 02:12:34.682: ISAKMP (0:124): Node -2012690006, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:34.682: ISAKMP (0:124): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:34.682: ISAKMP (0:124): retransmitting phase 2 QM_IDLE -408681677 ... *Mar 3 02:12:34.682: ISAKMP (0:124): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:34.686: ISAKMP (0:124): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:34.686: ISAKMP (0:124): no outgoing phase 2 packet to retransmit. -408681677 QM_IDLE *Mar 3 02:12:37.134: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:37.134: ISAKMP: set new node -2053890975 to QM_IDLE *Mar 3 02:12:37.138: ISAKMP (0:124): processing HASH payload. message ID = -2053890975 *Mar 3 02:12:37.138: ISAKMP (0:124): processing DELETE payload. message ID = -2053890975 *Mar 3 02:12:37.138: ISAKMP (0:124): peer does not do paranoid keepalives. *Mar 3 02:12:37.138: ISAKMP (0:124): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:37.142: ISAKMP (0:124): deleting node -2053890975 error FALSE reason "informational (in) state 1" *Mar 3 02:12:37.142: ISAKMP (0:124): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE *Mar 3 02:12:37.142: ISAKMP (0:124): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:37.142: ISAKMP (0:124): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 3 02:12:37.146: ISAKMP (0:124): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 3 02:12:37.146: ISAKMP (0:124): deleting SA reason "" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:37.150: ISAKMP (0:124): deleting node -408681677 error FALSE reason "" *Mar 3 02:12:37.150: ISAKMP (0:124): deleting node -2012690006 error FALSE reason "" *Mar 3 02:12:37.150: ISAKMP (0:124): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:37.150: ISAKMP (0:124): Old State = IKE_DEST_SA New State = IKE_DEST_SA *Mar 3 02:12:38.320: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:12:39.602: ISAKMP (0:121): purging node 757144602 *Mar 3 02:12:39.610: ISAKMP (0:121): purging node -2043870740 *Mar 3 02:12:39.610: ISAKMP (0:121): purging node 815122530 *Mar 3 02:12:40.599: ISAKMP (0:0): received packet from 192.168.8.223 dport 500 sport 500 Global (N) NEW SA *Mar 3 02:12:40.603: ISAKMP: local port 500, remote port 500 *Mar 3 02:12:40.607: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 82E61FB8 *Mar 3 02:12:40.607: ISAKMP (0:125): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:40.607: ISAKMP (0:125): Old State = IKE_READY New State = IKE_R_MM1 *Mar 3 02:12:40.607: ISAKMP (0:125): processing SA payload. message ID = 0 *Mar 3 02:12:40.607: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.611: ISAKMP (0:125): vendor ID is DPD *Mar 3 02:12:40.611: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.611: ISAKMP (0:125): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:40.611: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.611: ISAKMP (0:125): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:40.611: ISAKMP (0:125): vendor ID is NAT-T v3 *Mar 3 02:12:40.611: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.615: ISAKMP (0:125): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:40.615: ISAKMP (0:125): vendor ID is NAT-T v2 *Mar 3 02:12:40.615: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.615: ISAKMP (0:125): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:40.615: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.615: ISAKMP (0:125): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:40.615: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:40.619: ISAKMP (0:125): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:40.619: ISAKMP (0:125) local preshared key found *Mar 3 02:12:40.619: ISAKMP : Scanning profiles for xauth ... *Mar 3 02:12:40.619: ISAKMP (0:125): Checking ISAKMP transform 0 against priority 1 policy *Mar 3 02:12:40.619: ISAKMP: life type in seconds *Mar 3 02:12:40.619: ISAKMP: life duration (basic) of 28800 *Mar 3 02:12:40.619: ISAKMP: encryption DES-CBC *Mar 3 02:12:40.619: ISAKMP: hash MD5 *Mar 3 02:12:40.619: ISAKMP: auth pre-share *Mar 3 02:12:40.623: ISAKMP: default group 1 *Mar 3 02:12:40.623: ISAKMP (0:125): atts are acceptable. Next payload is 3 *Mar 3 02:12:40.784: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.788: ISAKMP (0:125): vendor ID is DPD *Mar 3 02:12:40.788: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.788: ISAKMP (0:125): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:40.788: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.788: ISAKMP (0:125): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:40.788: ISAKMP (0:125): vendor ID is NAT-T v3 *Mar 3 02:12:40.792: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.792: ISAKMP (0:125): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:40.792: ISAKMP (0:125): vendor ID is NAT-T v2 *Mar 3 02:12:40.792: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.792: ISAKMP (0:125): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:40.792: ISAKMP (0:125): processing vendor id payload *Mar 3 02:12:40.796: ISAKMP (0:125): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:40.796: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:40.796: ISAKMP (0:125): Old State = IKE_R_MM1 New State = IKE_R_MM1 *Mar 3 02:12:40.800: ISAKMP (0:125): constructed NAT-T vendor-03 ID *Mar 3 02:12:40.800: ISAKMP (0:125): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_SA_SETUP *Mar 3 02:12:40.800: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:40.800: ISAKMP (0:125): Old State = IKE_R_MM1 New State = IKE_R_MM2 *Mar 3 02:12:40.832: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_SA_SETUP *Mar 3 02:12:40.832: ISAKMP (0:125): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:40.832: ISAKMP (0:125): Old State = IKE_R_MM2 New State = IKE_R_MM3 *Mar 3 02:12:40.836: ISAKMP (0:125): processing KE payload. message ID = 0 *Mar 3 02:12:41.036: ISAKMP (0:125): processing NONCE payload. message ID = 0 *Mar 3 02:12:41.040: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:41.040: ISAKMP (0:125): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:41.040: ISAKMP (0:125): SKEYID state generated *Mar 3 02:12:41.044: ISAKMP:received payload type 17 *Mar 3 02:12:41.044: ISAKMP (0:125): Detected NAT-D payload *Mar 3 02:12:41.044: ISAKMP (0:125): NAT match MINE hash *Mar 3 02:12:41.044: ISAKMP:received payload type 17 *Mar 3 02:12:41.044: ISAKMP (0:125): Detected NAT-D payload *Mar 3 02:12:41.044: ISAKMP (0:125): NAT match HIS hash *Mar 3 02:12:41.044: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:41.044: ISAKMP (0:125): Old State = IKE_R_MM3 New State = IKE_R_MM3 *Mar 3 02:12:41.048: ISAKMP (0:125): constructed HIS NAT-D *Mar 3 02:12:41.048: ISAKMP (0:125): constructed MINE NAT-D *Mar 3 02:12:41.048: ISAKMP (0:125): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:41.052: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:41.052: ISAKMP (0:125): Old State = IKE_R_MM3 New State = IKE_R_MM4 *Mar 3 02:12:41.096: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_KEY_EXCH *Mar 3 02:12:41.100: ISAKMP (0:125): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:41.100: ISAKMP (0:125): Old State = IKE_R_MM4 New State = IKE_R_MM5 *Mar 3 02:12:41.100: ISAKMP (0:125): processing ID payload. message ID = 0 *Mar 3 02:12:41.100: ISAKMP (0:125): peer matches *none* of the profiles *Mar 3 02:12:41.104: ISAKMP (0:125): processing HASH payload. message ID = 0 *Mar 3 02:12:41.104: ISAKMP (0:125): processing NOTIFY INITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 82E61FB8 *Mar 3 02:12:41.104: ISAKMP (0:125): Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.8.254 remote 192.168.8.223 remote port 500 *Mar 3 02:12:41.108: ISAKMP (0:125): SA has been authenticated with 192.168.8.223 *Mar 3 02:12:41.108: ISAKMP (0:125): peer matches *none* of the profiles *Mar 3 02:12:41.108: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:41.108: ISAKMP (0:125): Old State = IKE_R_MM5 New State = IKE_R_MM5 *Mar 3 02:12:41.108: IPSEC(key_engine): got a queue event... *Mar 3 02:12:41.112: ISAKMP (0:125): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Mar 3 02:12:41.112: ISAKMP (125): ID payload next-payload : 8 type : 1 addr : 192.168.8.254 protocol : 17 port : 500 length : 8 *Mar 3 02:12:41.112: ISAKMP (125): Total payload length: 12 *Mar 3 02:12:41.116: ISAKMP (0:125): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:41.116: ISAKMP: set new node 1465578826 to QM_IDLE *Mar 3 02:12:41.120: ISAKMP (0:125): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:41.124: ISAKMP (0:125): purging node 1465578826 *Mar 3 02:12:41.124: ISAKMP: Sending phase 1 responder lifetime 3600 *Mar 3 02:12:41.124: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:41.124: ISAKMP (0:125): Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Mar 3 02:12:41.128: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 3 02:12:41.128: ISAKMP (0:125): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:41.132: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:41.132: ISAKMP: set new node -1564191073 to QM_IDLE *Mar 3 02:12:41.136: ISAKMP (0:125): processing HASH payload. message ID = -1564191073 *Mar 3 02:12:41.136: ISAKMP (0:125): processing SA payload. message ID = -1564191073 *Mar 3 02:12:41.136: ISAKMP (0:125): Checking IPSec proposal 0 *Mar 3 02:12:41.136: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:41.136: ISAKMP: attributes in transform: *Mar 3 02:12:41.136: ISAKMP: encaps is 1 *Mar 3 02:12:41.136: ISAKMP: SA life type in seconds *Mar 3 02:12:41.136: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:41.140: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:41.140: ISAKMP (0:125): atts are acceptable. *Mar 3 02:12:41.140: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:41.144: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:41.144: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:41.144: ISAKMP (0:125): IPSec policy invalidated proposal *Mar 3 02:12:41.144: ISAKMP (0:125): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:41.148: ISAKMP: set new node -831131849 to QM_IDLE *Mar 3 02:12:41.148: ISAKMP (0:125): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:41.152: ISAKMP (0:125): purging node -831131849 *Mar 3 02:12:41.152: ISAKMP (0:125): Node -1564191073, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:41.152: ISAKMP (0:125): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:44.125: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:44.125: ISAKMP (0:125): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:44.125: ISAKMP (0:125): retransmitting due to retransmit phase 2 *Mar 3 02:12:44.125: ISAKMP (0:125): retransmitting phase 2 QM_IDLE -1564191073 ... *Mar 3 02:12:44.129: ISAKMP (0:124): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:12:44.626: ISAKMP (0:125): retransmitting phase 2 QM_IDLE -1564191073 ... *Mar 3 02:12:44.626: ISAKMP (0:125): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:44.626: ISAKMP (0:125): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:44.626: ISAKMP (0:125): no outgoing phase 2 packet to retransmit. -1564191073 QM_IDLE *Mar 3 02:12:49.610: ISAKMP (0:121): purging SA., sa=82F25044, delme=82F25044 *Mar 3 02:12:50.003: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:50.003: ISAKMP (0:125): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:50.007: ISAKMP (0:125): retransmitting due to retransmit phase 2 *Mar 3 02:12:50.007: ISAKMP (0:125): retransmitting phase 2 QM_IDLE -1564191073 ... *Mar 3 02:12:50.508: ISAKMP (0:125): retransmitting phase 2 QM_IDLE -1564191073 ... *Mar 3 02:12:50.512: ISAKMP (0:125): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:50.512: ISAKMP (0:125): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:12:50.512: ISAKMP (0:125): no outgoing phase 2 packet to retransmit. -1564191073 QM_IDLE *Mar 3 02:12:50.512: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:50.512: ISAKMP: set new node 1277959446 to QM_IDLE *Mar 3 02:12:50.516: ISAKMP (0:125): processing HASH payload. message ID = 1277959446 *Mar 3 02:12:50.516: ISAKMP (0:125): processing SA payload. message ID = 1277959446 *Mar 3 02:12:50.520: ISAKMP (0:125): Checking IPSec proposal 0 *Mar 3 02:12:50.520: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:50.520: ISAKMP: attributes in transform: *Mar 3 02:12:50.520: ISAKMP: encaps is 1 *Mar 3 02:12:50.520: ISAKMP: SA life type in seconds *Mar 3 02:12:50.520: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:50.520: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:50.520: ISAKMP (0:125): atts are acceptable. *Mar 3 02:12:50.524: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:50.524: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:50.528: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:50.528: ISAKMP (0:125): IPSec policy invalidated proposal *Mar 3 02:12:50.528: ISAKMP (0:125): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:50.528: ISAKMP: set new node 239957553 to QM_IDLE *Mar 3 02:12:50.532: ISAKMP (0:125): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:50.532: ISAKMP (0:125): purging node 239957553 *Mar 3 02:12:50.532: ISAKMP (0:125): Node 1277959446, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:50.536: ISAKMP (0:125): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:52.976: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:52.976: ISAKMP: set new node 1236824269 to QM_IDLE *Mar 3 02:12:52.980: ISAKMP (0:125): processing HASH payload. message ID = 1236824269 *Mar 3 02:12:52.980: ISAKMP (0:125): processing DELETE payload. message ID = 1236824269 *Mar 3 02:12:52.980: ISAKMP (0:125): peer does not do paranoid keepalives. *Mar 3 02:12:52.980: ISAKMP (0:125): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:52.980: ISAKMP (0:125): deleting node 1236824269 error FALSE reason "informational (in) state 1" *Mar 3 02:12:52.980: ISAKMP (0:125): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE *Mar 3 02:12:52.984: ISAKMP (0:125): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:52.984: ISAKMP (0:125): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 3 02:12:52.984: ISAKMP (0:125): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 3 02:12:52.988: ISAKMP (0:125): deleting SA reason "" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:12:52.988: ISAKMP (0:125): deleting node -1564191073 error FALSE reason "" *Mar 3 02:12:52.992: ISAKMP (0:125): deleting node 1277959446 error FALSE reason "" *Mar 3 02:12:52.992: ISAKMP (0:125): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:52.992: ISAKMP (0:125): Old State = IKE_DEST_SA New State = IKE_DEST_SA *Mar 3 02:12:54.162: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:12:55.440: ISAKMP (0:122): purging node -213421432 *Mar 3 02:12:55.448: ISAKMP (0:122): purging node -661030293 *Mar 3 02:12:55.452: ISAKMP (0:122): purging node -155509040 *Mar 3 02:12:56.441: ISAKMP (0:0): received packet from 192.168.8.223 dport 500 sport 500 Global (N) NEW SA *Mar 3 02:12:56.445: ISAKMP: local port 500, remote port 500 *Mar 3 02:12:56.445: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 82F25044 *Mar 3 02:12:56.449: ISAKMP (0:126): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:56.449: ISAKMP (0:126): Old State = IKE_READY New State = IKE_R_MM1 *Mar 3 02:12:56.449: ISAKMP (0:126): processing SA payload. message ID = 0 *Mar 3 02:12:56.449: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.449: ISAKMP (0:126): vendor ID is DPD *Mar 3 02:12:56.453: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.453: ISAKMP (0:126): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:56.453: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.453: ISAKMP (0:126): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:56.453: ISAKMP (0:126): vendor ID is NAT-T v3 *Mar 3 02:12:56.453: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.453: ISAKMP (0:126): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:56.457: ISAKMP (0:126): vendor ID is NAT-T v2 *Mar 3 02:12:56.457: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.457: ISAKMP (0:126): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:56.457: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.457: ISAKMP (0:126): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:56.457: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:56.457: ISAKMP (0:126): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:56.461: ISAKMP (0:126) local preshared key found *Mar 3 02:12:56.461: ISAKMP : Scanning profiles for xauth ... *Mar 3 02:12:56.461: ISAKMP (0:126): Checking ISAKMP transform 0 against priority 1 policy *Mar 3 02:12:56.461: ISAKMP: life type in seconds *Mar 3 02:12:56.461: ISAKMP: life duration (basic) of 28800 *Mar 3 02:12:56.461: ISAKMP: encryption DES-CBC *Mar 3 02:12:56.461: ISAKMP: hash MD5 *Mar 3 02:12:56.461: ISAKMP: auth pre-share *Mar 3 02:12:56.461: ISAKMP: default group 1 *Mar 3 02:12:56.465: ISAKMP (0:126): atts are acceptable. Next payload is 3 *Mar 3 02:12:56.634: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.634: ISAKMP (0:126): vendor ID is DPD *Mar 3 02:12:56.634: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.638: ISAKMP (0:126): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:12:56.638: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.638: ISAKMP (0:126): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:12:56.638: ISAKMP (0:126): vendor ID is NAT-T v3 *Mar 3 02:12:56.638: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.638: ISAKMP (0:126): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:12:56.642: ISAKMP (0:126): vendor ID is NAT-T v2 *Mar 3 02:12:56.642: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.642: ISAKMP (0:126): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:12:56.642: ISAKMP (0:126): processing vendor id payload *Mar 3 02:12:56.642: ISAKMP (0:126): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:12:56.642: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:56.646: ISAKMP (0:126): Old State = IKE_R_MM1 New State = IKE_R_MM1 *Mar 3 02:12:56.658: ISAKMP (0:126): constructed NAT-T vendor-03 ID *Mar 3 02:12:56.658: ISAKMP (0:126): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_SA_SETUP *Mar 3 02:12:56.658: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:56.662: ISAKMP (0:126): Old State = IKE_R_MM1 New State = IKE_R_MM2 *Mar 3 02:12:56.690: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_SA_SETUP *Mar 3 02:12:56.694: ISAKMP (0:126): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:56.694: ISAKMP (0:126): Old State = IKE_R_MM2 New State = IKE_R_MM3 *Mar 3 02:12:56.694: ISAKMP (0:126): processing KE payload. message ID = 0 *Mar 3 02:12:56.902: ISAKMP (0:126): processing NONCE payload. message ID = 0 *Mar 3 02:12:56.906: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:12:56.906: ISAKMP (0:126): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:12:56.910: ISAKMP (0:126): SKEYID state generated *Mar 3 02:12:56.910: ISAKMP:received payload type 17 *Mar 3 02:12:56.910: ISAKMP (0:126): Detected NAT-D payload *Mar 3 02:12:56.910: ISAKMP (0:126): NAT match MINE hash *Mar 3 02:12:56.910: ISAKMP:received payload type 17 *Mar 3 02:12:56.910: ISAKMP (0:126): Detected NAT-D payload *Mar 3 02:12:56.910: ISAKMP (0:126): NAT match HIS hash *Mar 3 02:12:56.910: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:56.914: ISAKMP (0:126): Old State = IKE_R_MM3 New State = IKE_R_MM3 *Mar 3 02:12:56.914: ISAKMP (0:126): constructed HIS NAT-D *Mar 3 02:12:56.918: ISAKMP (0:126): constructed MINE NAT-D *Mar 3 02:12:56.918: ISAKMP (0:126): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:56.918: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:56.918: ISAKMP (0:126): Old State = IKE_R_MM3 New State = IKE_R_MM4 *Mar 3 02:12:56.962: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_KEY_EXCH *Mar 3 02:12:56.966: ISAKMP (0:126): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:12:56.966: ISAKMP (0:126): Old State = IKE_R_MM4 New State = IKE_R_MM5 *Mar 3 02:12:56.966: ISAKMP (0:126): processing ID payload. message ID = 0 *Mar 3 02:12:56.970: ISAKMP (0:126): peer matches *none* of the profiles *Mar 3 02:12:56.970: ISAKMP (0:126): processing HASH payload. message ID = 0 *Mar 3 02:12:56.970: ISAKMP (0:126): processing NOTIFY INITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 82F25044 *Mar 3 02:12:56.970: ISAKMP (0:126): Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.8.254 remote 192.168.8.223 remote port 500 *Mar 3 02:12:56.974: ISAKMP (0:126): SA has been authenticated with 192.168.8.223 *Mar 3 02:12:56.974: ISAKMP (0:126): peer matches *none* of the profiles *Mar 3 02:12:56.974: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE *Mar 3 02:12:56.974: ISAKMP (0:126): Old State = IKE_R_MM5 New State = IKE_R_MM5 *Mar 3 02:12:56.974: IPSEC(key_engine): got a queue event... *Mar 3 02:12:56.978: ISAKMP (0:126): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR *Mar 3 02:12:56.978: ISAKMP (126): ID payload next-payload : 8 type : 1 addr : 192.168.8.254 protocol : 17 port : 500 length : 8 *Mar 3 02:12:56.978: ISAKMP (126): Total payload length: 12 *Mar 3 02:12:56.982: ISAKMP (0:126): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:56.982: ISAKMP: set new node -1448127118 to QM_IDLE *Mar 3 02:12:56.986: ISAKMP (0:126): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) MM_KEY_EXCH *Mar 3 02:12:56.990: ISAKMP (0:126): purging node -1448127118 *Mar 3 02:12:56.990: ISAKMP: Sending phase 1 responder lifetime 3600 *Mar 3 02:12:56.990: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE *Mar 3 02:12:56.990: ISAKMP (0:126): Old State = IKE_R_MM5 New State = IKE_P1_COMPLETE *Mar 3 02:12:56.994: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 3 02:12:56.994: ISAKMP (0:126): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:12:56.998: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:56.998: ISAKMP: set new node 1978707469 to QM_IDLE *Mar 3 02:12:57.002: ISAKMP (0:126): processing HASH payload. message ID = 1978707469 *Mar 3 02:12:57.002: ISAKMP (0:126): processing SA payload. message ID = 1978707469 *Mar 3 02:12:57.002: ISAKMP (0:126): Checking IPSec proposal 0 *Mar 3 02:12:57.002: ISAKMP: transform 0, ESP_DES *Mar 3 02:12:57.002: ISAKMP: attributes in transform: *Mar 3 02:12:57.002: ISAKMP: encaps is 1 *Mar 3 02:12:57.002: ISAKMP: SA life type in seconds *Mar 3 02:12:57.006: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:12:57.006: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:12:57.006: ISAKMP (0:126): atts are acceptable. *Mar 3 02:12:57.006: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:12:57.010: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:12:57.010: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:12:57.010: ISAKMP (0:126): IPSec policy invalidated proposal *Mar 3 02:12:57.010: ISAKMP (0:126): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:12:57.014: ISAKMP: set new node 2079367989 to QM_IDLE *Mar 3 02:12:57.018: ISAKMP (0:126): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:12:57.018: ISAKMP (0:126): purging node 2079367989 *Mar 3 02:12:57.018: ISAKMP (0:126): Node 1978707469, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:12:57.018: ISAKMP (0:126): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:12:59.983: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:12:59.987: ISAKMP (0:126): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:12:59.987: ISAKMP (0:126): retransmitting due to retransmit phase 2 *Mar 3 02:12:59.987: ISAKMP (0:126): retransmitting phase 2 QM_IDLE 1978707469 ... *Mar 3 02:12:59.987: ISAKMP (0:125): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:13:00.488: ISAKMP (0:126): retransmitting phase 2 QM_IDLE 1978707469 ... *Mar 3 02:13:00.488: ISAKMP (0:126): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:13:00.488: ISAKMP (0:126): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:13:00.488: ISAKMP (0:126): no outgoing phase 2 packet to retransmit. 1978707469 QM_IDLE *Mar 3 02:13:05.452: ISAKMP (0:122): purging SA., sa=82EADC60, delme=82EADC60 *Mar 3 02:13:05.865: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:13:05.865: ISAKMP (0:126): phase 2 packet is a duplicate of a previous packet. *Mar 3 02:13:05.865: ISAKMP (0:126): retransmitting due to retransmit phase 2 *Mar 3 02:13:05.865: ISAKMP (0:126): retransmitting phase 2 QM_IDLE 1978707469 ... *Mar 3 02:13:06.362: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:13:06.362: ISAKMP: set new node 458650756 to QM_IDLE *Mar 3 02:13:06.366: ISAKMP (0:126): processing HASH payload. message ID = 458650756 *Mar 3 02:13:06.366: ISAKMP (0:126): processing SA payload. message ID = 458650756 *Mar 3 02:13:06.366: ISAKMP (0:126): Checking IPSec proposal 0 *Mar 3 02:13:06.370: ISAKMP: transform 0, ESP_DES *Mar 3 02:13:06.370: ISAKMP: attributes in transform: *Mar 3 02:13:06.370: ISAKMP: encaps is 1 *Mar 3 02:13:06.370: ISAKMP: SA life type in seconds *Mar 3 02:13:06.370: ISAKMP: SA life duration (basic) of 3600 *Mar 3 02:13:06.370: ISAKMP: authenticator is HMAC-MD5 *Mar 3 02:13:06.370: ISAKMP (0:126): atts are acceptable. *Mar 3 02:13:06.374: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 192.168.8.254, remote= 192.168.8.223, local_proxy= 10.9.9.1/255.255.255.255/0/0 (type=4), remote_proxy= 10.9.9.2/255.255.255.255/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 *Mar 3 02:13:06.374: IPSEC(kei_proxy): head = cm-cryptomap, map->ivrf = , kei->ivrf = *Mar 3 02:13:06.374: IPSEC(validate_transform_proposal): proxy identities not supported *Mar 3 02:13:06.378: ISAKMP (0:126): IPSec policy invalidated proposal *Mar 3 02:13:06.378: ISAKMP (0:126): phase 2 SA policy not acceptable! (local 192.168.8.254 remote 192.168.8.223) *Mar 3 02:13:06.378: ISAKMP: set new node 351245094 to QM_IDLE *Mar 3 02:13:06.382: ISAKMP (0:126): sending packet to 192.168.8.223 my_port 500 peer_port 500 (R) QM_IDLE *Mar 3 02:13:06.382: ISAKMP (0:126): purging node 351245094 *Mar 3 02:13:06.382: ISAKMP (0:126): Node 458650756, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Mar 3 02:13:06.382: ISAKMP (0:126): Old State = IKE_QM_READY New State = IKE_QM_READY *Mar 3 02:13:06.386: ISAKMP (0:126): retransmitting phase 2 QM_IDLE 1978707469 ... *Mar 3 02:13:06.386: ISAKMP (0:126): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:13:06.386: ISAKMP (0:126): incrementing error counter on sa: retransmit phase 2 *Mar 3 02:13:06.386: ISAKMP (0:126): no outgoing phase 2 packet to retransmit. 1978707469 QM_IDLE *Mar 3 02:13:08.834: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) QM_IDLE *Mar 3 02:13:08.834: ISAKMP: set new node 417515579 to QM_IDLE *Mar 3 02:13:08.838: ISAKMP (0:126): processing HASH payload. message ID = 417515579 *Mar 3 02:13:08.838: ISAKMP (0:126): processing DELETE payload. message ID = 417515579 *Mar 3 02:13:08.838: ISAKMP (0:126): peer does not do paranoid keepalives. *Mar 3 02:13:08.842: ISAKMP (0:126): deleting SA reason "P1 delete notify (in)" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:13:08.842: ISAKMP (0:126): deleting node 417515579 error FALSE reason "informational (in) state 1" *Mar 3 02:13:08.842: ISAKMP (0:126): Input = IKE_MESG_FROM_PEER, IKE_INFO_DELETE *Mar 3 02:13:08.842: ISAKMP (0:126): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 3 02:13:08.846: ISAKMP (0:126): Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 3 02:13:08.846: ISAKMP (0:126): Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 3 02:13:08.846: ISAKMP (0:126): deleting SA reason "" state (R) QM_IDLE (peer 192.168.8.223) input queue 0 *Mar 3 02:13:08.850: ISAKMP (0:126): deleting node 1978707469 error FALSE reason "" *Mar 3 02:13:08.850: ISAKMP (0:126): deleting node 458650756 error FALSE reason "" *Mar 3 02:13:08.850: ISAKMP (0:126): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:13:08.850: ISAKMP (0:126): Old State = IKE_DEST_SA New State = IKE_DEST_SA *Mar 3 02:13:10.020: ISAKMP (0:126): received packet from 192.168.8.223 dport 500 sport 500 Global (R) MM_NO_STATE *Mar 3 02:13:11.302: ISAKMP (0:123): purging node -1049573131 *Mar 3 02:13:11.310: ISAKMP (0:123): purging node 528461768 *Mar 3 02:13:11.310: ISAKMP (0:123): purging node -991660738 *Mar 3 02:13:12.303: ISAKMP (0:0): received packet from 192.168.8.223 dport 500 sport 500 Global (N) NEW SA *Mar 3 02:13:12.303: ISAKMP: local port 500, remote port 500 *Mar 3 02:13:12.307: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 82EADAA8 *Mar 3 02:13:12.307: ISAKMP (0:127): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 3 02:13:12.307: ISAKMP (0:127): Old State = IKE_READY New State = IKE_R_MM1 *Mar 3 02:13:12.307: ISAKMP (0:127): processing SA payload. message ID = 0 *Mar 3 02:13:12.311: ISAKMP (0:127): processing vendor id payload *Mar 3 02:13:12.311: ISAKMP (0:127): vendor ID is DPD *Mar 3 02:13:12.311: ISAKMP (0:127): processing vendor id payload *Mar 3 02:13:12.311: ISAKMP (0:127): vendor ID seems Unity/DPD but major 69 mismatch *Mar 3 02:13:12.311: ISAKMP (0:127): processing vendor id payload *Mar 3 02:13:12.311: ISAKMP (0:127): vendor ID seems Unity/DPD but major 157 mismatch *Mar 3 02:13:12.311: ISAKMP (0:127): vendor ID is NAT-T v3 *Mar 3 02:13:12.315: ISAKMP (0:127): processing vendor id payload *Mar 3 02:13:12.315: ISAKMP (0:127): vendor ID seems Unity/DPD but major 123 mismatch *Mar 3 02:13:12.315: ISAKMP (0:127): vendor ID is NAT-T v2 *Mar 3 02:13:12.315: ISAKMP (0:127): processing vendor id payload *Mar 3 02:13:12.315: ISAKMP (0:127): vendor ID seems Unity/DPD but major 164 mismatch *Mar 3 02:13:12.315: ISAKMP (0:127): processing vendor id payload *Mar 3 02:13:12.315: ISAKMP (0:127): vendor ID seems Unity/DPD but major 221 mismatch *Mar 3 02:13:12.319: ISAKMP: Looking for a matching key for 192.168.8.223 in default : success *Mar 3 02:13:12.319: ISAKMP (0:127): found peer pre-shared key matching 192.168.8.223 *Mar 3 02:13:12.319: ISAKMP (0:127) local preshared key found *Mar 3 02:13:12.319: ISAKMP : Scanning profiles for xauth ... *Mar 3 02:13:12.319: ISAKMP (0:127): Checking ISAKMP transform 0 against priority 1 policy *Mar 3 02:13:12.319: ISAKMP: life type in seconds *Mar 3 02:13:12.319: ISAKMP: life duration (basic) of 28800 *Mar 3 02:13:12.319: ISAKMP: encryption DES-CBC *Mar 3 02:13:12.323: ISAKMP: hash MD5 *Mar 3 02:13:12.323: ISAKMP: auth pre-share *Mar 3 02:13:12.323: ISAKMP: