This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

L2TP/IPSec Windows 7 - Error 789

Dear all,

we have a strange issue using L2TP/IPsec with Windows 7 and UTM 9.

Trying to connect using Certificates results in Error 789.
Additional following Errors are logged in Security Eventlog:

Event 4976

During Main Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

Local Network Address: IP of Client
Remote Network Address: IP of Gateway
Keying Module Name: IKEv1

Event 4652

An IPsec Main Mode negotiation failed.

Local Endpoint:
   Principal Name:  Name of Client
    Network Address: IP of Client
    Keying Module Port: 4500
Local Certificate:
   SHA Thumbprint: xyz
    Issuing CA:  CA of UTM
    Root CA:  dn of CA
Remote Endpoint:
   Principal Name: -
    Network Address: IP of Gateway
    Keying Module Port: 4500

Remote Certificate:
   SHA thumbprint:  -
    Issuing CA:  -
    Root CA:  -

Additional Information:
   Keying Module Name: IKEv1
    Authentication Method: Certificate
    Role:   Initiator
    Impersonation State: Not enabled
    Main Mode Filter ID: 69620

Failure Information:
   Failure Point:  Local Computer
    Failure Reason:  new policy invalidated sas formed with old policy    State:   Sent third (ID-) Payload
    Initiator Cookie:  %21
    Responder Cookie: %22

The strange thing is when we are switching the Interface to an internal interface and use certificates and connect over the local network it works without any Problem.

Also connecting with L2TP/IPsec using PSK is working fine over WAN.

I hope someone of you can help.

Kind regards,

Andreas

This thread was automatically locked due to age.

Parents

0 Andreas_HP over 11 years ago

Hi BAlfson,

thanks for your help.
I asked our Internet Provider. They state that all traffice is passed through to our Firewall.

It only affects L2TP/IPsec using certificates. L2TP/IPsec with PSK is working. So I guess everything is okay with Routers and Firewalls.

On Client side i think i have tried everything already. Disabled Firewall, disabled anti-Virus, remove any 3rd Party Software, etc, etc.

Here is the log file (Debug enabled)

2014:03:20-10:29:52 fw pluto[30454]: | *received 492 bytes from 80.226.0.2:42826 on eth1
2014:03:20-10:29:52 fw pluto[30454]: | **parse ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | 00 00 00 00 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_SA
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | length: 492
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Security Association Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 320
2014:03:20-10:29:52 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 24
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: received Vendor ID payload [RFC 3947]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [FRAGMENTATION]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [Vid-Initial-Contact]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [IKE CGA version 1]
2014:03:20-10:29:52 fw pluto[30454]: | ****parse IPsec DOI SIT:
2014:03:20-10:29:52 fw pluto[30454]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2014:03:20-10:29:52 fw pluto[30454]: | ****parse ISAKMP Proposal Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 308
2014:03:20-10:29:52 fw pluto[30454]: | proposal number: 1
2014:03:20-10:29:52 fw pluto[30454]: | protocol ID: PROTO_ISAKMP
2014:03:20-10:29:52 fw pluto[30454]: | SPI size: 0
2014:03:20-10:29:52 fw pluto[30454]: | number of transforms: 8
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 1
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 20
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 2
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 128
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 19
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 3
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 14
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 4
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 5
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 14
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 5
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 5
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 6
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 5
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 7
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 8
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | preparse_isakmp_policy: peer requests PUBKEY authentication
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: responding to Main Mode from unknown peer 80.226.0.2:42826
2014:03:20-10:29:52 fw pluto[30454]: | **emit ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | e4 a6 8f 83 2f 7c a1 d8
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_SA
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Security Association Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 1
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | [7 is AES_CBC]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | [2 is HMAC_SHA1]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 20
2014:03:20-10:29:52 fw pluto[30454]: | [20 is ECP_384]
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 2
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | [7 is AES_CBC]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 128
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | [2 is HMAC_SHA1]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 19
2014:03:20-10:29:52 fw pluto[30454]: | [19 is ECP_256]
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 3
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | [7 is AES_CBC]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | [2 is HMAC_SHA1]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 14
2014:03:20-10:29:52 fw pluto[30454]: | [14 is MODP_2048]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | [3 is RSA signature]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | [1 is OAKLEY_LIFE_SECONDS]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | long duration: 28800
2014:03:20-10:29:52 fw pluto[30454]: | Oakley Transform 3 accepted
2014:03:20-10:29:52 fw pluto[30454]: | ****emit IPsec DOI SIT:
2014:03:20-10:29:52 fw pluto[30454]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2014:03:20-10:29:52 fw pluto[30454]: | ****emit ISAKMP Proposal Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | proposal number: 1
2014:03:20-10:29:52 fw pluto[30454]: | protocol ID: PROTO_ISAKMP
2014:03:20-10:29:52 fw pluto[30454]: | SPI size: 0
2014:03:20-10:29:52 fw pluto[30454]: | number of transforms: 1
2014:03:20-10:29:52 fw pluto[30454]: | *****emit ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 3
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
2014:03:20-10:29:52 fw pluto[30454]: | attributes 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 0e
2014:03:20-10:29:52 fw pluto[30454]: | 80 03 00 03 80 0b 00 01 00 0c 00 04 00 00 70 80
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Proposal Payload: 48
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Security Association Payload: 60
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [strongSwan]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [Cisco-Unity]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [XAUTH]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 09 00 26 89 df d6 b7 12
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 12
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [Dead Peer Detection]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [RFC 3947]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Message: 180
2014:03:20-10:29:52 fw pluto[30454]: |
2014:03:20-10:29:52 fw pluto[30454]: | *received 388 bytes from 80.226.0.2:42826 on eth1
2014:03:20-10:29:52 fw pluto[30454]: | **parse ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | e4 a6 8f 83 2f 7c a1 d8
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_KE
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | length: 388
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Key Exchange Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONCE
2014:03:20-10:29:52 fw pluto[30454]: | length: 260
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Nonce Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | length: 52
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | length: 24
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 24
2014:03:20-10:29:52 fw pluto[30454]: | **emit ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | e4 a6 8f 83 2f 7c a1 d8
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_KE
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: NAT-Traversal: Result using RFC 3947: peer is NATed
2014:03:20-10:29:52 fw pluto[30454]: | size of DH secret exponent: 2047 bits
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Key Exchange Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONCE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
2014:03:20-10:29:52 fw pluto[30454]: | keyex value 5c 43 52 a9 47 00 b0 ab 56 63 7f 10 35 c9 27 ac
2014:03:20-10:29:52 fw pluto[30454]: | a2 37 7f 1a 8e e8 9f a4 e3 1c 9c dc 19 24 f4 7a
2014:03:20-10:29:52 fw pluto[30454]: | 6f 56 ee 52 b2 16 61 76 40 d7 31 7c f9 e5 f8 29
2014:03:20-10:29:52 fw pluto[30454]: | 53 bb a3 d7 78 d8 a2 12 1d e3 5e bb 36 2f 68 42
2014:03:20-10:29:52 fw pluto[30454]: | 6a eb e9 53 0c fc 65 3f 1e db 84 21 e3 b4 2b ae
2014:03:20-10:29:52 fw pluto[30454]: | 20 55 f4 92 b6 e2 0e b1 55 bd 00 1a 51 bf 5a e9
2014:03:20-10:29:52 fw pluto[30454]: | 4b ea 5d 10 51 74 5d ce 2d b9 4f 5e 7a bb f8 f4
2014:03:20-10:29:52 fw pluto[30454]: | 43 6d b4 62 03 8e ec 4a 5d 26 74 e9 bd b2 a3 c5
2014:03:20-10:29:52 fw pluto[30454]: | 9c fe 0a 2b a7 a1 d1 b7 97 d7 de c7 f5 ae 52 a2
2014:03:20-10:29:52 fw pluto[30454]: | 41 55 f4 51 ff 49 5c 2f 48 59 51 c0 0a 56 ac 4d
2014:03:20-10:29:52 fw pluto[30454]: | 17 fb 65 2a 25 fe 0d c0 ba 6c 34 a1 d5 ce 4c 79
2014:03:20-10:29:52 fw pluto[30454]: | ee bb 60 a4 28 92 fe 87 c0 ee d6 90 81 04 5f 35
2014:03:20-10:29:52 fw pluto[30454]: | 07 de 1d c0 8e 5d b8 42 05 2c e8 9e 0c d2 41 d4
2014:03:20-10:29:52 fw pluto[30454]: | cd b7 63 bb 07 35 ab 58 2e df 5f 27 42 6f 90 d9
2014:03:20-10:29:52 fw pluto[30454]: | ea fe 6a 24 d0 bc 4b 51 d0 cc a2 f8 13 6a 26 b4
2014:03:20-10:29:52 fw pluto[30454]: | 6e b8 a6 ed d9 02 70 5d 33 0a 68 0c 63 78 c4 88
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Key Exchange Payload: 260
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Nonce Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
2014:03:20-10:29:52 fw pluto[30454]: | Nr 71 14 a7 e8 cd c4 f8 59 da ea 1d 3b b3 06 34 e2
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Nonce Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | sending NATD payloads
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
2014:03:20-10:29:52 fw pluto[30454]: | NAT-D dc e0 fe 0b fa 71 ef f1 79 64 f8 03 00 df 04 87
2014:03:20-10:29:52 fw pluto[30454]: | 42 a4 51 d5
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP NAT-D Payload: 24
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
2014:03:20-10:29:52 fw pluto[30454]: | NAT-D b9 48 45 95 d1 aa 13 b9 f9 93 e5 8d 96 05 00 d5
2014:03:20-10:29:52 fw pluto[30454]: | ec 57 32 3b
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP NAT-D Payload: 24
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Message: 356
2014:03:20-10:29:54 fw pluto[30454]: |
2014:03:20-10:29:54 fw pluto[30454]: | *received 92 bytes from 80.238.229.176:500 on eth1
2014:03:20-10:29:54 fw pluto[30454]: | **parse ISAKMP Message:
2014:03:20-10:29:54 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:54 fw pluto[30454]: | fb 90 f7 5b c6 d3 c9 ed
2014:03:20-10:29:54 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:54 fw pluto[30454]: | 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_HASH
2014:03:20-10:29:54 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:54 fw pluto[30454]: | exchange type: ISAKMP_XCHG_INFO
2014:03:20-10:29:54 fw pluto[30454]: | flags: ISAKMP_FLAG_ENCRYPTION
2014:03:20-10:29:54 fw pluto[30454]: | message ID: 8b b7 5a ad
2014:03:20-10:29:54 fw pluto[30454]: | length: 92
2014:03:20-10:29:54 fw pluto[30454]: | ***parse ISAKMP Hash Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_N
2014:03:20-10:29:54 fw pluto[30454]: | length: 20
2014:03:20-10:29:54 fw pluto[30454]: | ***parse ISAKMP Notification Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:54 fw pluto[30454]: | length: 32
2014:03:20-10:29:54 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:54 fw pluto[30454]: | protocol ID: 1
2014:03:20-10:29:54 fw pluto[30454]: | SPI size: 16
2014:03:20-10:29:54 fw pluto[30454]: | Notify Message Type: R_U_THERE
2014:03:20-10:29:54 fw pluto[30454]: | removing 12 bytes of padding
2014:03:20-10:29:54 fw pluto[30454]: | info: fb 90 f7 5b c6 d3 c9 ed 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | 00 00 42 3f
2014:03:20-10:29:54 fw pluto[30454]: | **emit ISAKMP Message:
2014:03:20-10:29:54 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:54 fw pluto[30454]: | fb 90 f7 5b c6 d3 c9 ed
2014:03:20-10:29:54 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:54 fw pluto[30454]: | 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_HASH
2014:03:20-10:29:54 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:54 fw pluto[30454]: | exchange type: ISAKMP_XCHG_INFO
2014:03:20-10:29:54 fw pluto[30454]: | flags: ISAKMP_FLAG_ENCRYPTION
2014:03:20-10:29:54 fw pluto[30454]: | message ID: 53 88 95 6f
2014:03:20-10:29:54 fw pluto[30454]: | ***emit ISAKMP Hash Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_N
2014:03:20-10:29:54 fw pluto[30454]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload
2014:03:20-10:29:54 fw pluto[30454]: | emitting length of ISAKMP Hash Payload: 20
2014:03:20-10:29:54 fw pluto[30454]: | ***emit ISAKMP Notification Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:54 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:54 fw pluto[30454]: | protocol ID: 1
2014:03:20-10:29:54 fw pluto[30454]: | SPI size: 16
2014:03:20-10:29:54 fw pluto[30454]: | Notify Message Type: R_U_THERE_ACK
2014:03:20-10:29:54 fw pluto[30454]: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload
2014:03:20-10:29:54 fw pluto[30454]: | notify icookie fb 90 f7 5b c6 d3 c9 ed
2014:03:20-10:29:54 fw pluto[30454]: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload
2014:03:20-10:29:54 fw pluto[30454]: | notify rcookie 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload
2014:03:20-10:29:54 fw pluto[30454]: | notify data 00 00 42 3f
2014:03:20-10:29:54 fw pluto[30454]: | emitting length of ISAKMP Notification Payload: 32
2014:03:20-10:29:54 fw pluto[30454]: | emitting 12 zero bytes of encryption padding into ISAKMP Message
2014:03:20-10:29:54 fw pluto[30454]: | emitting length of ISAKMP Message: 92

Debug is enabled, because there is also a Support call open at sophos. But at the Moment they also have no clue.

I have no idea if the Problem is on utm or Client side.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Andreas_HP over 11 years ago

Hi BAlfson,

thanks for your help.
I asked our Internet Provider. They state that all traffice is passed through to our Firewall.

It only affects L2TP/IPsec using certificates. L2TP/IPsec with PSK is working. So I guess everything is okay with Routers and Firewalls.

On Client side i think i have tried everything already. Disabled Firewall, disabled anti-Virus, remove any 3rd Party Software, etc, etc.

Here is the log file (Debug enabled)

2014:03:20-10:29:52 fw pluto[30454]: | *received 492 bytes from 80.226.0.2:42826 on eth1
2014:03:20-10:29:52 fw pluto[30454]: | **parse ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | 00 00 00 00 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_SA
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | length: 492
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Security Association Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 320
2014:03:20-10:29:52 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 24
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 20
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: received Vendor ID payload [RFC 3947]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [FRAGMENTATION]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [Vid-Initial-Contact]
2014:03:20-10:29:52 fw pluto[30454]: packet from 80.226.0.2:42826: ignoring Vendor ID payload [IKE CGA version 1]
2014:03:20-10:29:52 fw pluto[30454]: | ****parse IPsec DOI SIT:
2014:03:20-10:29:52 fw pluto[30454]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2014:03:20-10:29:52 fw pluto[30454]: | ****parse ISAKMP Proposal Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 308
2014:03:20-10:29:52 fw pluto[30454]: | proposal number: 1
2014:03:20-10:29:52 fw pluto[30454]: | protocol ID: PROTO_ISAKMP
2014:03:20-10:29:52 fw pluto[30454]: | SPI size: 0
2014:03:20-10:29:52 fw pluto[30454]: | number of transforms: 8
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 1
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 20
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 2
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 128
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 19
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 3
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 14
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 4
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 5
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 14
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 5
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 5
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 6
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 5
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 7
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 36
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 8
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | preparse_isakmp_policy: peer requests PUBKEY authentication
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: responding to Main Mode from unknown peer 80.226.0.2:42826
2014:03:20-10:29:52 fw pluto[30454]: | **emit ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | e4 a6 8f 83 2f 7c a1 d8
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_SA
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Security Association Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 1
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | [7 is AES_CBC]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | [2 is HMAC_SHA1]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 20
2014:03:20-10:29:52 fw pluto[30454]: | [20 is ECP_384]
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: ECP_384 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 2
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | [7 is AES_CBC]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 128
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | [2 is HMAC_SHA1]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 19
2014:03:20-10:29:52 fw pluto[30454]: | [19 is ECP_256]
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: ECP_256 is not supported. Attribute OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | *****parse ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_T
2014:03:20-10:29:52 fw pluto[30454]: | length: 40
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 3
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 7
2014:03:20-10:29:52 fw pluto[30454]: | [7 is AES_CBC]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_KEY_LENGTH
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 256
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_HASH_ALGORITHM
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 2
2014:03:20-10:29:52 fw pluto[30454]: | [2 is HMAC_SHA1]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_GROUP_DESCRIPTION
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 14
2014:03:20-10:29:52 fw pluto[30454]: | [14 is MODP_2048]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_AUTHENTICATION_METHOD
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 3
2014:03:20-10:29:52 fw pluto[30454]: | [3 is RSA signature]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_TYPE
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 1
2014:03:20-10:29:52 fw pluto[30454]: | [1 is OAKLEY_LIFE_SECONDS]
2014:03:20-10:29:52 fw pluto[30454]: | ******parse ISAKMP Oakley attribute:
2014:03:20-10:29:52 fw pluto[30454]: | af+type: OAKLEY_LIFE_DURATION (variable length)
2014:03:20-10:29:52 fw pluto[30454]: | length/value: 4
2014:03:20-10:29:52 fw pluto[30454]: | long duration: 28800
2014:03:20-10:29:52 fw pluto[30454]: | Oakley Transform 3 accepted
2014:03:20-10:29:52 fw pluto[30454]: | ****emit IPsec DOI SIT:
2014:03:20-10:29:52 fw pluto[30454]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
2014:03:20-10:29:52 fw pluto[30454]: | ****emit ISAKMP Proposal Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | proposal number: 1
2014:03:20-10:29:52 fw pluto[30454]: | protocol ID: PROTO_ISAKMP
2014:03:20-10:29:52 fw pluto[30454]: | SPI size: 0
2014:03:20-10:29:52 fw pluto[30454]: | number of transforms: 1
2014:03:20-10:29:52 fw pluto[30454]: | *****emit ISAKMP Transform Payload (ISAKMP):
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | transform number: 3
2014:03:20-10:29:52 fw pluto[30454]: | transform ID: KEY_IKE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 32 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
2014:03:20-10:29:52 fw pluto[30454]: | attributes 80 01 00 07 80 0e 01 00 80 02 00 02 80 04 00 0e
2014:03:20-10:29:52 fw pluto[30454]: | 80 03 00 03 80 0b 00 01 00 0c 00 04 00 00 70 80
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Transform Payload (ISAKMP): 40
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Proposal Payload: 48
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Security Association Payload: 60
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [strongSwan]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 88 2f e5 6d 6f d2 0d bc 22 51 61 3b 2e be 5b eb
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [Cisco-Unity]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 12 f5 f2 8c 45 71 68 a9 70 2d 9f e2 74 cc 01 00
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [XAUTH]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 09 00 26 89 df d6 b7 12
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 12
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [Dead Peer Detection]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_VID
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | out_vendorid(): sending [RFC 3947]
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Vendor ID Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
2014:03:20-10:29:52 fw pluto[30454]: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Vendor ID Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Message: 180
2014:03:20-10:29:52 fw pluto[30454]: |
2014:03:20-10:29:52 fw pluto[30454]: | *received 388 bytes from 80.226.0.2:42826 on eth1
2014:03:20-10:29:52 fw pluto[30454]: | **parse ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | e4 a6 8f 83 2f 7c a1 d8
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_KE
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: | length: 388
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Key Exchange Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONCE
2014:03:20-10:29:52 fw pluto[30454]: | length: 260
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP Nonce Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | length: 52
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | length: 24
2014:03:20-10:29:52 fw pluto[30454]: | ***parse ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | length: 24
2014:03:20-10:29:52 fw pluto[30454]: | **emit ISAKMP Message:
2014:03:20-10:29:52 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:52 fw pluto[30454]: | a0 22 e4 75 e8 58 4f cf
2014:03:20-10:29:52 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:52 fw pluto[30454]: | e4 a6 8f 83 2f 7c a1 d8
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_KE
2014:03:20-10:29:52 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:52 fw pluto[30454]: | exchange type: ISAKMP_XCHG_IDPROT
2014:03:20-10:29:52 fw pluto[30454]: | flags: none
2014:03:20-10:29:52 fw pluto[30454]: | message ID: 00 00 00 00
2014:03:20-10:29:52 fw pluto[30454]: "L_for sophos"[143] 80.226.0.2:42826 #14878: NAT-Traversal: Result using RFC 3947: peer is NATed
2014:03:20-10:29:52 fw pluto[30454]: | size of DH secret exponent: 2047 bits
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Key Exchange Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONCE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
2014:03:20-10:29:52 fw pluto[30454]: | keyex value 5c 43 52 a9 47 00 b0 ab 56 63 7f 10 35 c9 27 ac
2014:03:20-10:29:52 fw pluto[30454]: | a2 37 7f 1a 8e e8 9f a4 e3 1c 9c dc 19 24 f4 7a
2014:03:20-10:29:52 fw pluto[30454]: | 6f 56 ee 52 b2 16 61 76 40 d7 31 7c f9 e5 f8 29
2014:03:20-10:29:52 fw pluto[30454]: | 53 bb a3 d7 78 d8 a2 12 1d e3 5e bb 36 2f 68 42
2014:03:20-10:29:52 fw pluto[30454]: | 6a eb e9 53 0c fc 65 3f 1e db 84 21 e3 b4 2b ae
2014:03:20-10:29:52 fw pluto[30454]: | 20 55 f4 92 b6 e2 0e b1 55 bd 00 1a 51 bf 5a e9
2014:03:20-10:29:52 fw pluto[30454]: | 4b ea 5d 10 51 74 5d ce 2d b9 4f 5e 7a bb f8 f4
2014:03:20-10:29:52 fw pluto[30454]: | 43 6d b4 62 03 8e ec 4a 5d 26 74 e9 bd b2 a3 c5
2014:03:20-10:29:52 fw pluto[30454]: | 9c fe 0a 2b a7 a1 d1 b7 97 d7 de c7 f5 ae 52 a2
2014:03:20-10:29:52 fw pluto[30454]: | 41 55 f4 51 ff 49 5c 2f 48 59 51 c0 0a 56 ac 4d
2014:03:20-10:29:52 fw pluto[30454]: | 17 fb 65 2a 25 fe 0d c0 ba 6c 34 a1 d5 ce 4c 79
2014:03:20-10:29:52 fw pluto[30454]: | ee bb 60 a4 28 92 fe 87 c0 ee d6 90 81 04 5f 35
2014:03:20-10:29:52 fw pluto[30454]: | 07 de 1d c0 8e 5d b8 42 05 2c e8 9e 0c d2 41 d4
2014:03:20-10:29:52 fw pluto[30454]: | cd b7 63 bb 07 35 ab 58 2e df 5f 27 42 6f 90 d9
2014:03:20-10:29:52 fw pluto[30454]: | ea fe 6a 24 d0 bc 4b 51 d0 cc a2 f8 13 6a 26 b4
2014:03:20-10:29:52 fw pluto[30454]: | 6e b8 a6 ed d9 02 70 5d 33 0a 68 0c 63 78 c4 88
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Key Exchange Payload: 260
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP Nonce Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | emitting 16 raw bytes of Nr into ISAKMP Nonce Payload
2014:03:20-10:29:52 fw pluto[30454]: | Nr 71 14 a7 e8 cd c4 f8 59 da ea 1d 3b b3 06 34 e2
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Nonce Payload: 20
2014:03:20-10:29:52 fw pluto[30454]: | sending NATD payloads
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NAT-D
2014:03:20-10:29:52 fw pluto[30454]: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
2014:03:20-10:29:52 fw pluto[30454]: | NAT-D dc e0 fe 0b fa 71 ef f1 79 64 f8 03 00 df 04 87
2014:03:20-10:29:52 fw pluto[30454]: | 42 a4 51 d5
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP NAT-D Payload: 24
2014:03:20-10:29:52 fw pluto[30454]: | ***emit ISAKMP NAT-D Payload:
2014:03:20-10:29:52 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:52 fw pluto[30454]: | emitting 20 raw bytes of NAT-D into ISAKMP NAT-D Payload
2014:03:20-10:29:52 fw pluto[30454]: | NAT-D b9 48 45 95 d1 aa 13 b9 f9 93 e5 8d 96 05 00 d5
2014:03:20-10:29:52 fw pluto[30454]: | ec 57 32 3b
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP NAT-D Payload: 24
2014:03:20-10:29:52 fw pluto[30454]: | emitting length of ISAKMP Message: 356
2014:03:20-10:29:54 fw pluto[30454]: |
2014:03:20-10:29:54 fw pluto[30454]: | *received 92 bytes from 80.238.229.176:500 on eth1
2014:03:20-10:29:54 fw pluto[30454]: | **parse ISAKMP Message:
2014:03:20-10:29:54 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:54 fw pluto[30454]: | fb 90 f7 5b c6 d3 c9 ed
2014:03:20-10:29:54 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:54 fw pluto[30454]: | 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_HASH
2014:03:20-10:29:54 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:54 fw pluto[30454]: | exchange type: ISAKMP_XCHG_INFO
2014:03:20-10:29:54 fw pluto[30454]: | flags: ISAKMP_FLAG_ENCRYPTION
2014:03:20-10:29:54 fw pluto[30454]: | message ID: 8b b7 5a ad
2014:03:20-10:29:54 fw pluto[30454]: | length: 92
2014:03:20-10:29:54 fw pluto[30454]: | ***parse ISAKMP Hash Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_N
2014:03:20-10:29:54 fw pluto[30454]: | length: 20
2014:03:20-10:29:54 fw pluto[30454]: | ***parse ISAKMP Notification Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:54 fw pluto[30454]: | length: 32
2014:03:20-10:29:54 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:54 fw pluto[30454]: | protocol ID: 1
2014:03:20-10:29:54 fw pluto[30454]: | SPI size: 16
2014:03:20-10:29:54 fw pluto[30454]: | Notify Message Type: R_U_THERE
2014:03:20-10:29:54 fw pluto[30454]: | removing 12 bytes of padding
2014:03:20-10:29:54 fw pluto[30454]: | info: fb 90 f7 5b c6 d3 c9 ed 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | 00 00 42 3f
2014:03:20-10:29:54 fw pluto[30454]: | **emit ISAKMP Message:
2014:03:20-10:29:54 fw pluto[30454]: | initiator cookie:
2014:03:20-10:29:54 fw pluto[30454]: | fb 90 f7 5b c6 d3 c9 ed
2014:03:20-10:29:54 fw pluto[30454]: | responder cookie:
2014:03:20-10:29:54 fw pluto[30454]: | 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_HASH
2014:03:20-10:29:54 fw pluto[30454]: | ISAKMP version: ISAKMP Version 1.0
2014:03:20-10:29:54 fw pluto[30454]: | exchange type: ISAKMP_XCHG_INFO
2014:03:20-10:29:54 fw pluto[30454]: | flags: ISAKMP_FLAG_ENCRYPTION
2014:03:20-10:29:54 fw pluto[30454]: | message ID: 53 88 95 6f
2014:03:20-10:29:54 fw pluto[30454]: | ***emit ISAKMP Hash Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_N
2014:03:20-10:29:54 fw pluto[30454]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload
2014:03:20-10:29:54 fw pluto[30454]: | emitting length of ISAKMP Hash Payload: 20
2014:03:20-10:29:54 fw pluto[30454]: | ***emit ISAKMP Notification Payload:
2014:03:20-10:29:54 fw pluto[30454]: | next payload type: ISAKMP_NEXT_NONE
2014:03:20-10:29:54 fw pluto[30454]: | DOI: ISAKMP_DOI_IPSEC
2014:03:20-10:29:54 fw pluto[30454]: | protocol ID: 1
2014:03:20-10:29:54 fw pluto[30454]: | SPI size: 16
2014:03:20-10:29:54 fw pluto[30454]: | Notify Message Type: R_U_THERE_ACK
2014:03:20-10:29:54 fw pluto[30454]: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload
2014:03:20-10:29:54 fw pluto[30454]: | notify icookie fb 90 f7 5b c6 d3 c9 ed
2014:03:20-10:29:54 fw pluto[30454]: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload
2014:03:20-10:29:54 fw pluto[30454]: | notify rcookie 0e 58 aa 14 a7 51 4b a2
2014:03:20-10:29:54 fw pluto[30454]: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload
2014:03:20-10:29:54 fw pluto[30454]: | notify data 00 00 42 3f
2014:03:20-10:29:54 fw pluto[30454]: | emitting length of ISAKMP Notification Payload: 32
2014:03:20-10:29:54 fw pluto[30454]: | emitting 12 zero bytes of encryption padding into ISAKMP Message
2014:03:20-10:29:54 fw pluto[30454]: | emitting length of ISAKMP Message: 92

Debug is enabled, because there is also a Support call open at sophos. But at the Moment they also have no clue.

I have no idea if the Problem is on utm or Client side.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data