Scribd
Upload
79 views

Console Output CLI Console

The document contains log output from a FortiGate firewall regarding IKE and IPsec VPN configuration and troubleshooting. It shows the configuration of an IKE phase 1 interface named "Israel-127.13" between the local gateway 192.8.202.121 and remote gateway 192.8.127.13. Debug messages indicate an IKE security association is being established between the gateways using AES-256 encryption and SHA-256 hashing.

Uploaded by

javed.rafik.1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
79 views

Console Output CLI Console

The document contains log output from a FortiGate firewall regarding IKE and IPsec VPN configuration and troubleshooting. It shows the configuration of an IKE phase 1 interface named "Israel-127.13" between the local gateway 192.8.202.121 and remote gateway 192.8.127.13. Debug messages indicate an IKE security association is being established between the gateways using AES-256 encryption and SHA-256 hashing.

Uploaded by

javed.rafik.1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 20

FortiGate-2601F # config vdom

FortiGate-2601F (vdom) # edit vsys3


current vf=vsys3:2

FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # diag vpn ike gateway list
name List gateway by name.

FortiGate-2601F (vsys3) # diag vpn ike gateway list Israel-127.13

command parse error before 'Israel-127.13'


Command fail. Return code -61

FortiGate-2601F (vsys3) # diag vpn ike gateway list name Israel-127.13

FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # get vpn ipsec tunnel name Israel-127.13

gateway
name: 'Israel-127.13'
local-gateway: 192.8.202.121:0 (static)
remote-gateway: 192.8.127.13:0 (static)
dpd-link: off
mode: ike-v2
interface: 'port1' (9) vrf:0
rx packets: 0 bytes: 0 errors: 0
tx packets: 0 bytes: 0 errors: 2
dpd: disabled
selectors
name: 'Blr_lab-to-Israel'
auto-negotiate: enable
mode: tunnel
src: 0:0.0.0.0/0.0.0.0:0
dst: 0:0.0.0.0/0.0.0.0:0

FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
Connection lost. Press Enter to start a new session.

FortiGate-2601F # config vdom

FortiGate-2601F (vdom) # edit vsys3


current vf=vsys3:2

FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # sh full-configuration vpn ipsec phase1-interface Israel-
127.13
config vpn ipsec phase1-interface
edit "Israel-127.13"
set type static
set interface "port1"
set ip-version 4
set ike-version 2
set local-gw 192.8.202.121
set keylife 86400
set authmethod psk
unset authmethod-remote
set peertype any
set net-device disable
set passive-mode disable
set exchange-interface-ip disable
set aggregate-member disable
set mode-cfg disable
set proposal aes256-sha256
set localid ''
set localid-type auto
set auto-negotiate enable
set negotiate-timeout 30
set fragmentation enable
set ip-fragmentation post-encapsulation
set dpd disable
set forticlient-enforcement disable
set comments ''
set npu-offload enable
set dhgrp 20
set suite-b disable
set eap disable
set ppk disable
set wizard-type custom
set reauth disable
set idle-timeout disable
set ha-sync-esp-seqno enable
set fgsp-sync disable
set inbound-dscp-copy disable
set auto-discovery-sender disable
set auto-discovery-receiver disable
set auto-discovery-forwarder disable
set encapsulation none
set nattraversal disable
set esn disable
set fragmentation-mtu 1200
set childless-ike disable
set rekey enable
set fec-egress disable
set fec-ingress disable
set network-overlay disable
set remote-gw 192.8.127.13
set monitor ''
set add-gw-route disable
set psksecret ENC
6dRzXbdtiGRT50+o+q4cIRssW/PsbImgsnvImu2KgHh5ZqAcF3ceg+chP3Qa1oIggqNCJ4PsE4d6I7tFB7D
xO8U88uh6aszHpTJrpq5Fpvt9n+Tm
WFPKLOOsV0+mgS1JNRPJLdtXwQzeQG2JlP3FoOvRNvs+qK4IkhScwTCChsk4VWsYncVSNsFNzGTQWnY77MX
3aQ==
next
end

FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # diag vpn ike log-filter dst-addr4 192.8.127.13

FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # diag debug application ike -1
Debug messages will be on for 12 minutes.

FortiGate-2601F (vsys3) # diag debug enable

FortiGate-2601F (vsys3) # ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate


IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796120: generate DH public value request queued
ike 2:Israel-127.13:1796120: out
FF4A0841F0A9731400000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C00000008040000142800006800140000C88C047C04AE9151D298
8D2675B0A0845FAE8D9256D866CB5B7006FCDD302F519C21828F2F4
BA1B6C379F4744E42A79887B0554ABAFAF9C999A35BB46AC9107233CCABAB93DA1D872967AB1DD89E30
3B41A858E64B3DC53B37D9A6482B9F7C7C290000247BF6A7286824F
9E256D093F3A306A17ABB9E03842DF94CEF14E4C68E8F3F60E0000000080000402E
ike 2:Israel-127.13:1796120: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=ff4a0841f0a97314/000000000000
0000
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=ff4a0841f0a97314/e52afeb335c38d87 len=216
ike 2: in
FF4A0841F0A97314E52AFEB335C38D872120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C00000008040000142800006800140000B8A5CC4BCAC42792D404F38A9FBA5195F351EAF6A2D
E37658B45DFC2717BC7426C3476FF267FC3D855E9D04E41E4BC97BC
F75B2D24A5313B3F9B0C280676255EFE57110CDC49F4295D41929ECED3499591DDED846853CE6D708DB
61410C79C770000002401AD6370331604A34CF6FF9B4351C5B7CF26
C7546CFA11F745C40120EF84F9B1
ike 2:Israel-127.13:1796120: initiator received SA_INIT response
ike 2:Israel-127.13:1796120: incoming proposal:
ike 2:Israel-127.13:1796120: proposal id = 1:
ike 2:Israel-127.13:1796120: protocol = IKEv2:
ike 2:Israel-127.13:1796120: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796120: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796120: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796120: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796120: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796120: matched proposal id 1
ike 2:Israel-127.13:1796120: proposal id = 1:
ike 2:Israel-127.13:1796120: protocol = IKEv2:
ike 2:Israel-127.13:1796120: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796120: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796120: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796120: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796120: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796120: lifetime=86400
ike 2:Israel-127.13:1796120: compute DH shared secret request queued
ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK_ei
32:810945685B3123148037A698BCA39D5BC83CB1F84DFCCC5C96971B9774E
2819E
ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK
er 32:E0A830D46D76E562057E8C31B60BD50D7D856CE3BC9725A3CF453B54054ED938
ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK_ai
32:D95031D300E18601E0DC702A5CC4BAA041137FAF7B375AE032FE5778A15
D24DE
ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK_ar
32:49F29105305F1EE355E57F1A9729B5CE6DDDAB4F0E2D0B2FEF3286C330C
A3320
ike 2:Israel-127.13:1796120: initiator preparing AUTH msg
ike 2:Israel-127.13:1796120: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796120: enc
2900000C01000000C008CA79270000080000400029000028020000006EBD44A726677696CD9BAF58864
FBE0202F68E08D719865BB
2867A3185172E5521000008000040242C00002C000000280103040357FD1A240300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796120: out
FF4A0841F0A97314E52AFEB335C38D872E20230800000001000000F0230000D437FD4B6A17D1BB5EE92
03435179F350F0467AF98D
E5BA969BE408A89B54757FC23AFD0589069F88FFF2F0B42955260256F99B2C860D6C5732392B84A9811
11A3F144165BEDB59826732F0D4490E171094887D1FBC1DF9F1D959
7B5B4D1068B43288523D22A0525B68A2AF72558A2A447541EC8BEAB77FEE257D5252AC8C52D18900B47
59A81938BBAB8489B79AB417A58DA7FE5FEFEF803D7ABF8E0301972
8DA8DB6B23F444EC408551B40BBAC3F417979F248399122678FA8F20C2EA8FF03FD53A1AF1C5B92F440
51250BE1A014745C
ike 2:Israel-127.13:1796120: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=ff4a0841f0a97314/e52afeb335c38d8
7:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=ff4a0841f0a97314/e52afeb335c38d87:00000001
len=80
ike 2: in
FF4A0841F0A97314E52AFEB335C38D872E2023200000000100000050290000346ED5EF6DD28F5E96138
1EC856776DB08E3E74F5A18C4B2555DF936097C01EC34
BAE26B34895C14291FDE72EC698D1D72
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796120: dec
FF4A0841F0A97314E52AFEB335C38D872E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796120: initiator received AUTH msg
ike 2:Israel-127.13:1796120: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796120: schedule delete of IKE SA
ff4a0841f0a97314/e52afeb335c38d87
ike 2:Israel-127.13:1796120: scheduled delete of IKE SA
ff4a0841f0a97314/e52afeb335c38d87
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796146: generate DH public value request queued
ike 2:Israel-127.13:1796146: out
FB52EB195B0D837C00000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C00000008040000142800006800140000274C06683811048C0EFA
76D447562EBD1EFD65065DF6E625B2F002D33CCBFE2256177077B7C
145B962C225CADAEC6084CC2B0EFDEC00C827817E7E7AB8728ED084AA445B291B5467BABFE7446F31C2
87DB4D8A3045EB2FEA6B42CC7174C37602290000243B30266DEFC31
2D00F44E1B4DA5FF5C8D380620F135C953E4A2685E9ECEBFB00000000080000402E
ike 2:Israel-127.13:1796146: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=fb52eb195b0d837c/000000000000
0000
ike 2:Israel-127.13:Blr_lab-to-Israel: IPsec SA connect 9 192.8.202.121-
>192.8.127.13:0
ike 2:Israel-127.13:Blr_lab-to-Israel: using existing connection
ike 2:Israel-127.13:Blr_lab-to-Israel: config found
ike 2:Israel-127.13: request is on the queue
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=fb52eb195b0d837c/b11857197ae255eb len=216
ike 2: in
FB52EB195B0D837CB11857197AE255EB2120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C00000008040000142800006800140000D54E59675792B342FF809361323CDF5EE814ECEE4B4
F06D5B95991F23F64901D7C8F54BE4D1D813362C069EF63CE3AE39F
431D891067630B2FDE0189AF25F92AC0E15EE58CDEB7090FA35DA88AE9CD85A1C6C40C28AABA7042A7A
2C6FB6331A300000024ECFC506A5AF1345023B5AA19DC31FCFCBE7E
0D131641EF60839A34EAA736587F
ike 2:Israel-127.13:1796146: initiator received SA_INIT response
ike 2:Israel-127.13:1796146: incoming proposal:
ike 2:Israel-127.13:1796146: proposal id = 1:
ike 2:Israel-127.13:1796146: protocol = IKEv2:
ike 2:Israel-127.13:1796146: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796146: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796146: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796146: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796146: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796146: matched proposal id 1
ike 2:Israel-127.13:1796146: proposal id = 1:
ike 2:Israel-127.13:1796146: protocol = IKEv2:
ike 2:Israel-127.13:1796146: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796146: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796146: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796146: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796146: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796146: lifetime=86400
ike 2:Israel-127.13:1796146: compute DH shared secret request queued
ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_ei
32:93DE06574B8A0ABFC4BED10A4E6FE1EB84741194796A364D5D7DB0218EF
B6FB4
ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_er
32:2ED5C1879DC255615F000D1F20858F4C42EAE54B5FAB25EDAE1D8F30875
5E6FA
ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_ai
32:21232DDA6BC0592D0FAC23B6C63755F405F7076B956AB42EC5CDF733408
9136C
ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_ar
32:355BAD7641DAEF89B7FE52220D0780BBDE4F69E91AE6D1C89770328596E
D6C64
ike 2:Israel-127.13:1796146: initiator preparing AUTH msg
ike 2:Israel-127.13:1796146: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796146: enc
2900000C01000000C008CA79270000080000400029000028020000005E111DD1F3FC2BB8C020E0770D2
384D232E1C525BA739BE1B
9DD51B4535B5F7821000008000040242C00002C000000280103040357FD1A270300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796146: out
FB52EB195B0D837CB11857197AE255EB2E20230800000001000000F0230000D439863DD5655B16FE086
960ECFE8F0FD8E855F1C91
BF5D7099A1786B80A85A462D56D06DCF50A4B007B5B7DF083C15A9DD8C6B5CC5C2A8475B878B47A6615
DFCB75A24663E7B7B4105F1F670E0A24A97A43ACFFD573B7FA08310
D9F74470AA3068969EC919C03CE319FAE1D77152AA2AA53DD6BF004FB33965BD2EE8447427E04831C64
82298C404F3DF75857358285054072014898A93A2FF953267793939
0EF99B110EB31BA9EAE85755F935FD7036C40553CB0AF9E79CAD1C1B8025597785BDCA9A1C2BACBA223
C186D3824039F903
ike 2:Israel-127.13:1796146: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=fb52eb195b0d837c/b11857197ae255e
b:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=fb52eb195b0d837c/b11857197ae255eb:00000001
len=80
ike 2: in
FB52EB195B0D837CB11857197AE255EB2E202320000000010000005029000034955DCEF2F06544F5AE6
16E0FFE9A346C7E75A2C23AF65DB9E0D1C07DE366CC52
10BF3166D4DE57971859A0B2AC96F7FF
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796146: dec
FB52EB195B0D837CB11857197AE255EB2E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796146: initiator received AUTH msg
ike 2:Israel-127.13:1796146: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796146: schedule delete of IKE SA
fb52eb195b0d837c/b11857197ae255eb
ike 2:Israel-127.13:1796146: scheduled delete of IKE SA
fb52eb195b0d837c/b11857197ae255eb
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796163: generate DH public value request queued
ike 2:Israel-127.13:1796163: out
047AEBCEFAAFA82D00000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C0000000804000014280000680014000034BDD5F2A015D05E9137
94EA3006C1854778820FE525E2934E6AE7706A8286BB72304F8909B
201E1E956F5BDB7CD3FDABC8A5BE0CE124A03F48B7C029202450736D050E5B8D93E02FB72DE3D0618EF
14D1D952390003A2AA7922DBC11D03E8522900002440EF6DB317279
D4838A9574A1AD86B6DB0B770C6B68AAAEBFDD149FA9CB41CDE000000080000402E
ike 2:Israel-127.13:1796163: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=047aebcefaafa82d/000000000000
0000
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=047aebcefaafa82d/62c80023d4cbb096 len=216
ike 2: in
047AEBCEFAAFA82D62C80023D4CBB0962120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C000000080400001428000068001400008E9EBDDD2AB3AB3985D150C78A56A14633F383C53CF
84E05213D270BB10C30C2202608985FB056AF0841166F4858654988
D80F202DC97244CB61254F3FDCC41D6CF775691B2AEFD394EE4151497A9F1FB3F9FA47C56A164003D44
8A1D753F11A00000024C8227F4EF59F45C10954B38966D731F4E307
1C99C3BDCB86D60C9E885AEADC2A
ike 2:Israel-127.13:1796163: initiator received SA_INIT response
ike 2:Israel-127.13:1796163: incoming proposal:
ike 2:Israel-127.13:1796163: proposal id = 1:
ike 2:Israel-127.13:1796163: protocol = IKEv2:
ike 2:Israel-127.13:1796163: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796163: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796163: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796163: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796163: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796163: matched proposal id 1
ike 2:Israel-127.13:1796163: proposal id = 1:
ike 2:Israel-127.13:1796163: protocol = IKEv2:
ike 2:Israel-127.13:1796163: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796163: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796163: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796163: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796163: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796163: lifetime=86400
ike 2:Israel-127.13:1796163: compute DH shared secret request queued
ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_ei
32:6BF65F061E613C12B51955574542FB6EE54EE4BC6EECF902E258FE77DFA
71BBB
ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_er
32:42B5E88478CE49AC1267FED30DB9C64F675F277938C73B6CD93101B5BAF
87DD9
ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_ai
32:3018040F51534CEE8C1CF6404AF12FEDBD888C11722F160E5FCEE2762D8
DB943
ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_ar
32:D13C564653DA9A78010F40ADAE8188852E134E4739DFE2FB2A4626232B9
93C03
ike 2:Israel-127.13:1796163: initiator preparing AUTH msg
ike 2:Israel-127.13:1796163: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796163: enc
2900000C01000000C008CA792700000800004000290000280200000039DD4E86B2CF6F1108368F6907A
55E82E5386543D8D56DE44
A191F2FABE69EA921000008000040242C00002C000000280103040357FD1A2A0300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796163: out
047AEBCEFAAFA82D62C80023D4CBB0962E20230800000001000000F0230000D47F7D2B1486395DD9265
EAB1CC1CEE5FE356292A85
34BE13F0F3E324E8DF737ED8036691F2C8304BC91F93467A7750CD8F768B71A589A2E88DB2F00AD753F
7BA7CDC760C91595099B9802BADE059077C4E42976CEF96F162847E
0D7E801A6FC16BFAA1016AC915A882C512BCD4B228051CF398D92074B20C1373E555D89577B8FA1F34A
D2D1CB6B5720383ACECEAEF98E1E0AB62446E47DEF72E20D858C17C
1B0E9A9B016C624C16215535F7A9A3530FEF625503E6389FF87AB93D1C4B82ECF554C0D195A3CA79C60
5DFDB6AE034EDDD6
ike 2:Israel-127.13:1796163: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=047aebcefaafa82d/62c80023d4cbb09
6:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=047aebcefaafa82d/62c80023d4cbb096:00000001
len=80
ike 2: in
047AEBCEFAAFA82D62C80023D4CBB0962E202320000000010000005029000034A98A05D015885222E6F
51471B222EE13A2DBC32F42243D2068F8C9ABC0C5EB81
CFA2A4080
9C5C7FCEE8FCEE23C72F12
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796163: dec
047AEBCEFAAFA82D62C80023D4CBB0962E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796163: initiator received AUTH msg
ike 2:Israel-127.13:1796163: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796163: schedule delete of IKE SA
047aebcefaafa82d/62c80023d4cbb096
ike 2:Israel-127.13:1796163: scheduled delete of IKE SA
047aebcefaafa82d/62c80023d4cbb096
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796192: generate DH public value request queued
ike 2:Israel-127.13:1796192: out
BA291CD08F32383E00000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C00000008040000142800006800140000794886D3A5BB27FA3F38
ED514D531CA68C14CB031C95786ACB15636FF25E4BB5A398F5A8E91
3994757B75C09D4D52409D2554AF4412AD6EA3ECB57827B9F381956EFCFDEFD4FEBB69232F3F47EF43A
E4241D1932E4E9502358D561FA00CCFA3D29000024138314AAAB077
E8BAD1FA767CCD938CB914DE6A5F89B89908F157BBE43AAA67C000000080000402E
ike 2:Israel-127.13:1796192: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=ba291cd08f32383e/000000000000
0000
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=ba291cd08f32383e/30542beaf843efb1 len=216
ike 2: in
BA291CD08F32383E30542BEAF843EFB12120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C000000080400001428000068001400000615B95B7297C33734F5DAF14A95E594D8A8E661244
B8024F4BE04621E25473929C1B07032BA2252F1CE7D697BA86154D3
2C31D0E34E1FBC24F17ECE0431C958C746DDE56870D9764D3A514B3776829DB9E53681F0D50C813110A
0D20D9D530600000024A184016FB2AAAA978C7E29611B5914FF9A7B
1790AF1207F08CA478B15F413E3B
ike 2:Israel-127.13:1796192: initiator received SA_INIT response
ike 2:Israel-127.13:1796192: incoming proposal:
ike 2:Israel-127.13:1796192: proposal id = 1:
ike 2:Israel-127.13:1796192: protocol = IKEv2:
ike 2:Israel-127.13:1796192: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796192: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796192: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796192: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796192: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796192: matched proposal id 1
ike 2:Israel-127.13:1796192: proposal id = 1:
ike 2:Israel-127.13:1796192: protocol = IKEv2:
ike 2:Israel-127.13:1796192: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796192: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796192: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796192: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796192: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796192: lifetime=86400
ike 2:Israel-127.13:1796192: compute DH shared secret request queued
ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_ei
32:E56E93BC6BED1DB61B0067CC3321D162EEF241EFCA8F5FB926DF790E004
98CD1
ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_er
32:8C274E79E35BF11B313DDE0249B8B97825960A9B56AADF3BEBE9986E6D5
9CAB2
ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_ai
32:55E2D05E3C5CD5EF2CCB8FE2D292225C16B13940FBDE0CA0316A4A76363
A88A2
ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_ar
32:613C73B082C8AE93F2C477D4C819C0837302E774A56C5A04FCD4220D4CE
1508A
ike 2:Israel-127.13:1796192: initiator preparing AUTH msg
ike 2:Israel-127.13:1796192: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796192: enc
2900000C01000000C008CA792700000800004000290000280200000051D157B138FE0E25F83CFA06D52
C919FCE60264BE34677DBB
C3E50FCD64137E421000008000040242C00002C000000280103040357FD1A2D0300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796192: out
BA291CD08F32383E30542BEAF843EFB12E20230800000001000000F0230000D4EB422B9F7D2D5E83DA0
1AB671BCC2EC3B3827890F
18CB67A1134AAD316B3420CCC0F4797A3F12295BD8B0440378AD2D37264F51EC3B8FE79B49480426764
92FF8106DA4E88CEE3D8A7B1D76312BE89F384426338C25A95A6FDF
7810AA46AF253A7A9AB5938FB15592E317F6FBCDB8F722B1CCD8775ABF89CD30E86A7EA0607D57D079C
43C16DB048C1F76AD2B6AA5CD9451E5001CCDB3256AB1C31367CD09
047E4CC52F147F57470A619860A4ABD1ACA9FFA808133FB67FF212C832721C02E252F836C50CA5A8285
919A97AA621D39A7
ike 2:Israel-127.13:1796192: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=ba291cd08f32383e/30542beaf843efb
1:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=ba291cd08f32383e/30542beaf843efb1:00000001
len=80
ike 2: in
BA291CD08F32383E30542BEAF843EFB12E202320000000010000005029000034771A30F3E301C423883
051D5FC6D78053B6EFE1D3BA8AC39ED0BB719886BA659
DBF78ADBD513FEB9F0C73931BE034A7B
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796192: dec
BA291CD08F32383E30542BEAF843EFB12E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796192: initiator received AUTH msg
ike 2:Israel-127.13:1796192: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796192: schedule delete of IKE SA
ba291cd08f32383e/30542beaf843efb1
ike 2:Israel-127.13:1796192: scheduled delete of IKE SA
ba291cd08f32383e/30542beaf843efb1
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
ike 2:Israel-127.13:Blr_lab-to-Israel: IPsec SA connect 9 192.8.202.121-
>192.8.127.13:0
ike 2:Israel-127.13:Blr_lab-to-Israel: config found
ike 2:Israel-127.13: created connection: 0x10d3db20 9 192.8.202.121-
>192.8.127.13:500.
ike 2:Israel-127.13: HA start as master
ike 2:Israel-127.13: IPsec SA connect 9 192.8.202.121->192.8.127.13:500 negotiating
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796202: generate DH public value request queued
ike 2:Israel-127.13:1796202: out
11B30AF4843E4FAF00000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C000000080400001428000068001400006D37D5CF616F02E29778
383C595B526AF45997AF55BC3991B60FBCF1EF06604265E9BE7D587
658AE7D090728479C5F032EB0B1758407A33F8E679A7004F29E2D8CC878A0FC713E0172AD0F3144147E
CFE6D229450AF96657120A9D4DA7E0C49A2900002432CB67E1EBF0C
B1920153C5059CB392911E5257813EDE9114E96C9761D3844B5000000080000402E
ike 2:Israel-127.13:1796202: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=11b30af4843e4faf/000000000000
0000
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=11b30af4843e4faf/1dc3133393d8f0e1 len=216
ike 2: in
11B30AF4843E4FAF1DC3133393D8F0E12120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C00000008040000142800006800140000C235760E1559FDC343FF12574522A4DC8760237BAAF
FE634F4A96779B836DC273252F82B9A500D9ADAACA0F32326F644C2
306C5B9C33B559E310CD715583DC80A818597DD54DE7681B744ED4F0638E6E278ACC91A6935EF4C4844
BDE904D4204000000240C7A72D98DC4F583F93E00CDF8227D29DAF9
0A97C77BDAAFD118A81BD2FFC25D
ike 2:Israel-127.13:1796202: initiator received SA_INIT response
ike 2:Israel-127.13:1796202: incoming proposal:
ike 2:Israel-127.13:1796202: proposal id = 1:
ike 2:Israel-127.13:1796202: protocol = IKEv2:
ike 2:Israel-127.13:1796202: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796202: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796202: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796202: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796202: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796202: matched proposal id 1
ike 2:Israel-127.13:1796202: proposal id = 1:
ike 2:Israel-127.13:1796202: protocol = IKEv2:
ike 2:Israel-127.13:1796202: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796202: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796202: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796202: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796202: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796202: lifetime=86400
ike 2:Israel-127.13:1796202: compute DH shared secret request queued
ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_ei
32:A649BA44837B6FB8A4952D73C948A7A978FD2C159B07F2143272CBA6E6D
B85D1
ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_er
32:FB7CE18AFD4BF95B53F170FF4E11923B33D414CF2223CCFDB0229F19D8A
9707B
ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_ai
32:77C0DA41F62B366649F03BF8C85AD927989750E9575F395C07D826C5B9D
79CA9
ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_ar
32:113B8CAD7A4755154B17F51E474A378C2FF13238AC89FA7738813BAE3BD
10870
ike 2:Israel-127.13:1796202: initiator preparing AUTH msg
ike 2:Israel-127.13:1796202: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796202: enc
2900000C01000000C008CA7927000008000040002900002802000000507403826402D9BDB821746F424
EDB3020403B799637C86E4
5201B4821D5230F21000008000040242C00002C000000280103040357FD1A2E0300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796202: out
11B30AF4843E4FAF1DC3133393D8F0E12E20230800000001000000F0230000D4B117BA5E044AF01400D
B527A8584F52D4A67ADC9A
7109B87781D7347AC37B6D1A035B1B14FC406BED9CA88D4C7D441BED739988B632C17AC205D439D11C4
FC3133EBCA6E666DD650D9036556BF3201F700142D1DA5783A5560E
748015306308B483D44E3ECB3719A747B0AD29A8237E424D0C75DFA5033E7A8080CE0C1569290EEB95F
23BFF16C14740EBC0BB8EC47F5B5EF1DE220A2F28796D31B21E9411
5FDC4D6925C8DD7503CB31D9BAA682BFB4D0C1EB5D9D833C7F5C4F77588279C8F6E92E577F38986168C
45BE323B0650BC46
ike 2:Israel-127.13:1796202: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=11b30af4843e4faf/1dc3133393d8f0e
1:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=11b30af4843e4faf/1dc3133393d8f0e1:00000001
len=80
ike 2: in
11B30AF4843E4FAF1DC3133393D8F0E12E2023200000000100000050290000348C93C20E603C7633A54
A7D69D9347767A9C24CF7AC49F61B5A77F1E93FC2AE59
8B35EE29B9B2E7426CEA3D69871E38D6
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796202: dec
11B30AF4843E4FAF1DC3133393D8F0E12E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796202: initiator received AUTH msg
ike 2:Israel-127.13:1796202: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796202: schedule delete of IKE SA
11b30af4843e4faf/1dc3133393d8f0e1
ike 2:Israel-127.13:1796202: scheduled delete of IKE SA
11b30af4843e4faf/1dc3133393d8f0e1
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: set oper down
ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796213: generate DH public value request queued
ike 2:Israel-127.13:1796213: out
FE5A8AECB8AA681700000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C0000000804000014280000680014000070755D1F0B013977A844
78F69A8FB885D34E488EAE57A944421D8CF10B2E185B19FD5D1F225
FE325292C33DC23FF7E9E1BD7055068E1B38151AA4B476DDEB5BED256AE9166D9AAEEBFBCC429B325C7
4371F8D19B5BD800C7D9C4D5BB9599C3E42900002410481CAB5EA7F
540FDD8B71B3ED0F531DFC36362F6D799633DA25E1E711AFDFF000000080000402E
ike 2:Israel-127.13:1796213: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=fe5a8aecb8aa6817/000000000000
0000
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=fe5a8aecb8aa6817/ceaaa7c0b3bee581 len=216
ike 2: in
FE5A8AECB8AA6817CEAAA7C0B3BEE5812120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C000000080400001428000068001400006FC67B8ADAA69B26E71E75DA22FE024B83943A6FA80
A020300F95D442A3A7683D094CB7B5F56CE5829B0D99386792314CF
E7E2EF6C6223641148922B46230D2E5B173C503C7697F1C070AC47478676FA4AB1DCFF3A16F29D638EC
25AD029249400000024E8B6B670FCA221C40BB8E51E0F1FF014AA1E
EE3D3A11828C2C660FC65FAA0E10
ike 2:Israel-127.13:1796213: initiator received SA_INIT response
ike 2:Israel-127.13:1796213: incoming proposal:
ike 2:Israel-127.13:1796213: proposal id = 1:
ike 2:Israel-127.13:1796213: protocol = IKEv2:
ike 2:Israel-127.13:1796213: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796213: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796213: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796213: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796213: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796213: matched proposal id 1
ike 2:Israel-127.13:1796213: proposal id = 1:
ike 2:Israel-127.13:1796213: protocol = IKEv2:
ike 2:Israel-127.13:1796213: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796213: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796213: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796213: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796213: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796213: lifetime=86400
ike 2:Israel-127.13:1796213: compute DH shared secret request queued
ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_ei
32:258F1FCF3BC261858BF1331FA0779DE101C760446DC1F2DF85B60D5D20B
90F27
ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_er
32:84E270C83E4238404ED651A910BDE0A2DA489AC5F46B1CA5C20973E8D33
AEDD1
ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_ai
32:C333956A596DC6E0A5402157D3EA272FE50E2A0D7F5AAFBDDF4DA6CF204
5CE78
ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_ar
32:D22E17F796454EC2E88555C10E1209961E447C8CD85EBB665BC3CA5BC42
E4427
ike 2:Israel-127.13:1796213: initiator preparing AUTH msg
ike 2:Israel-127.13:1796213: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796213: enc
2900000C01000000C008CA7927000008000040002900002802000000CDCB6EFFEFCF47F1A138AAB57F7
96B193D6F9D7E7F250F65E
9D55ED0058DA0A121000008000040242C00002C000000280103040357FD1A300300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796213: out
FE5A8AECB8AA6817CEAAA7C0B3BEE5812E20230800000001000000F0230000D458F7BFE1B77778BA3DC
E226F26E6F8D8DE2C0F558
990FBE533A0BE913D959CD0F1B2209F1B5C56143D232E52D836F01EC34761B75A25D7287C20F1F37634
A40784D9C26FF62E2D0C2B4F805D80878580C1559505D61F0653FEA
602D3DF95C5AD74AA2746F5AD06BB9FD13EAC0AEB0ADCCC8C0311EE13E76DADB59D746EC9225B5A8B7C
DE770B4C7C545734F736DE35D2E47DA808A73D5EBA1578986712E90
91BF5572E50AC0D518F2FA844A60692D31B0226E97E619B7690AB17653A9581C062EDFE189F0DEA0814
B2CD08EE21B03597
ike 2:Israel-127.13:1796213: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=fe5a8aecb8aa6817/ceaaa7c0b3bee58
1:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=fe5a8aecb8aa6817/ceaaa7c0b3bee581:00000001
len=80
ike 2: in
FE5A8AECB8AA6817CEAAA7C0B3BEE5812E2023200000000100000050290000341E2ECE63DEE11458639
E19EF0486667120182AF490902648641FE49D1C09D1F3
765EA026D8FCDA25C0A70238C7235AC2
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796213: dec
FE5A8AECB8AA6817CEAAA7C0B3BEE5812E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796213: initiator received AUTH msg
ike 2:Israel-127.13:1796213: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796213: schedule delete of IKE SA
fe5a8aecb8aa6817/ceaaa7c0b3bee581
ike 2:Israel-127.13:1796213: scheduled delete of IKE SA
fe5a8aecb8aa6817/ceaaa7c0b3bee581
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796233: generate DH public value request queued
ike 2:Israel-127.13:1796233: out
B5999FCE5A0E78EF00000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C00000008040000142800006800140000500F73520F8A679CF985
C37E4F22AE327E5844EA35C3F8FCCE09E6F7A3A0A29FC8D9D864F52
DC468E6ACD521810340B81D9FE26B5CF351EB1286B0AED99E94B493324BC501657B71F3ABB3385B22CD
FF4F65E67069FB294A0C4BC4828E00DB55290000243FB58FA19B140
09F69BF9E15E48002E0AFBDA1957B7A317A2F2BD5DF3A073C35000000080000402E
ike 2:Israel-127.13:1796233: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=b5999fce5a0e78ef/000000000000
0000
ike shrank heap by 159744 bytes
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=b5999fce5a0e78ef/2b2f7fd9bc3dedc1 len=216
ike 2: in
B5999FCE5A0E78EF2B2F7FD9BC3DEDC12120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C0000000804000014280000680014000039DD82B053A9924EC1C39AE6A257426141C649C6B28
D5828CC19D8D62234B093428D5A56EA1D291337210D870FC04CBCB0
FCFE63B8CA66273896C5E3B6C6D1013A1059B9556D4D470636CAC121AE9C346AE2DC5DE199853AF20C7
C7828992E2E00000024E3BB95DB6521E73BE96355C9CF03A8527418
0D39F159BC6AE15E45E0BE07F9D8
ike 2:Israel-127.13:1796233: initiator received SA_INIT response
ike 2:Israel-127.13:1796233: incoming proposal:
ike 2:Israel-127.13:1796233: proposal id = 1:
ike 2:Israel-127.13:1796233: protocol = IKEv2:
ike 2:Israel-127.13:1796233: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796233: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796233: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796233: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796233: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796233: matched proposal id 1
ike 2:Israel-127.13:1796233: proposal id = 1:
ike 2:Israel-127.13:1796233: protocol = IKEv2:
ike 2:Israel-127.13:1796233: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796233: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796233: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796233: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796233: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796233: lifetime=86400
ike 2:Israel-127.13:1796233: compute DH shared secret request queued
ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_ei
32:610F7DF5B3398EBD45D1BAB5BE47CD6786E7F8ED43A1743E15DF3C04AB8
CA653
ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_er
32:D51B496ADEB4D3E54837A595D38709CD2CB95BE7A78FF156F8D24EDCDD6
860EE
ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_ai
32:D7C9BCCBBD7058A967F50351C7FB473E6116BCE8BA725B45045A9DFA414
213A1
ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_ar
32:F37AA8D637A3F158D6AAF3F4186BF24D9D38766FB47A06D9743D71C7BF6
0BF05
ike 2:Israel-127.13:1796233: initiator preparing AUTH msg
ike 2:Israel-127.13:1796233: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796233: enc
2900000C01000000C008CA7927000008000040002900002802000000D0D5DA9C51C01B05BEF44284F3F
AE0E1BD26A2253B770B2A5
889DB224C119D7521000008000040242C00002C000000280103040357FD1A320300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796233: out B5999FCE5A0E78EF2B2F7FD9BC3DEDC12E202308
0000001000000F0230000D4E6485977B4445A2DF0EFCE9F9DCBEB3F4D1118C30344B2E9E97B5157A7E8
6D5F3A78ADC50A7E50B17D1C60546951A2BB1533239BB53CD57FEC8
D729AA0DFAD4A555721218BB08E803C0872D598E1B3797441561A003BE0677E4CC42ADAEDAB31BB0343
F5EF928203FB80ECDFDDF7E1B044DE2667230872EF8A6F3F80A1E43
FD4BF34C95EFD2A995550AD71FF45298C0E5E7F9BD200EBEE9FCB44178C1048D592EC8D157F0CDE57E5
DA748307D548A22E9E641BC454F8F8BD98FBC08F02032A7E2CCD862
71AA8E0FB8F623EE610646AEB
ike 2:Israel-127.13:1796233: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=b5999fce5a0e78ef/2b2f7fd9bc3dedc
1:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=b5999fce5a0e78ef/2b2f7fd9bc3dedc1:00000001
len=80
ike 2: in
B5999FCE5A0E78EF2B2F7FD9BC3DEDC12E202320000000010000005029000034A05232CA75949B796C9
FE7D7CD48C0CF6AE0F5C06DB74AEC1DB9385756C540A4
447D807B96073104127ABD8D5E90EF9D
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796233: dec
B5999FCE5A0E78EF2B2F7FD9BC3DEDC12E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796233: initiator received AUTH msg
ike 2:Israel-127.13:1796233: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796233: schedule delete of IKE SA
b5999fce5a0e78ef/2b2f7fd9bc3dedc1
ike 2:Israel-127.13:1796233: scheduled delete of IKE SA
b5999fce5a0e78ef/2b2f7fd9bc3dedc1
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796253: generate DH public value request queued
ike 2:Israel-127.13:1796253: out
4A0D0938BC749D5000000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C00000008040000142800006800140000943FAF2A01D82E4A3B3C
1964DC9459B51B49DC7A8BFF46A444C52CAD97ADD61B8DA3BB39E1D
9F3AD2283AEC426A3C912AE252E7C0186596B0BF08D329D775A3F4A2C75A8212F7AB90E8796F9292300
DC83235974469F3B4AB66C02CD73CF9C4729000024954413198F477
50CBD118994CF395B34D8436C2D94104F66FF0DAF7371B9AA45000000080000402E
ike 2:Israel-127.13:1796253: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=4a0d0938bc749d50/000000000000
0000
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=4a0d0938bc749d50/fb3a209de1c88106 len=216
ike 2: in
4A0D0938BC749D50FB3A209DE1C881062120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C00000008040000142800006800140000DFAEAF3676103D22174114AE4D2112DF27579F5EA68
06587180D8871E32B9E14CA907BF3004C7940320D72AF3DE821C984
02072EA584AB8E03A5150B10B278400696FC9EC2A9AF0151BCE2CC74388D2F56D0CA954E7FDF81AC496
AD8637E9B4E0000002409C18D2A43C04DE455BE1AF0E38AAD66EF8C
754349AEE3E2163737FABA23FDBA
ike 2:Israel-127.13:1796253: initiator received SA_INIT response
ike 2:Israel-127.13:1796253: incoming proposal:
ike 2:Israel-127.13:1796253: proposal id = 1:
ike 2:Israel-127.13:1796253: protocol = IKEv2:
ike 2:Israel-127.13:1796253: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796253: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796253: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796253: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796253: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796253: matched proposal id 1
ike 2:Israel-127.13:1796253: proposal id = 1:
ike 2:Israel-127.13:1796253: protocol = IKEv2:
ike 2:Israel-127.13:1796253: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796253: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796253: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796253: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796253: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796253: lifetime=86400
ike 2:Israel-127.13:1796253: compute DH shared secret request queued
ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_ei
32:3007A24FC395AE31347976B04365230493CB3FEE83DBBF1A9E4366E8054
4CEC5
ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_er
32:5B008F8113846290C59C5A74D53FDC3C5867D4DE7F00D93CD85F4D2AA4A
91C16
ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_ai
32:12345637739A87643AC6E72886124906FDD2D981D30CA69EC7D64D7D221
C7865
ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_ar
32:82E0CC10AD1F1513EF5E599A22144FE41FD665118949BE8D0B619B01CEB
79229
ike 2:Israel-127.13:1796253: initiator preparing AUTH msg
ike 2:Israel-127.13:1796253: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796253: enc
2900000C01000000C008CA7927000008000040002900002802000000312DE1CFD328C3E3DCF37887F0E
91101DDC57593F425736F7
DD168823CCFD1D621000008000040242C00002C000000280103040357FD1A360300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796253: out
4A0D0938BC749D50FB3A209DE1C881062E20230800000001000000F0230000D470301E08838F35FA634
6CF9535302C95C55FF50EA
458A52C02CD7149592A443CA48138C5675CE0FCC40761CB3ED6AA516B39FCE18882F86807F095DFA2D6
B5BFE3D0A297EF5E221B240CF3A41A734FEA9DB5FA0A8DF1CBAFCDB
4B5470E7E202F06154A1ED2D6EDD546AD01258C1F3640D03D4522B4D1187236D3CC10765AD1F8408563
1EC10A1CFAC4E61E09482C39D6096C4DA5C622A05875E34FC55591A
5190A02EC352FA0029A4E261C639BBE319C6C434BB6FB984D9586C9C5E62EEE285A8C74ECAD0DE76312
8FC8200388AB96FA
ike 2:Israel-127.13:1796253: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=4a0d0938bc749d50/fb3a209de1c8810
6:00000001
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=4a0d0938bc749d50/fb3a209de1c88106:00000001
len=80
ike 2: in
4A0D0938BC749D50FB3A209DE1C881062E202320000000010000005029000034E7D6684CF8FD5C53E1F
1B076312021D4F38CD4BF3A59A01D82DC24408C753AEA
9B926DE7611B4922C6A265B57BED4CB7
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796253: dec
4A0D0938BC749D50FB3A209DE1C881062E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796253: initiator received AUTH msg
ike 2:Israel-127.13:1796253: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796253: schedule delete of IKE SA
4a0d0938bc749d50/fb3a209de1c88106
ike 2:Israel-127.13:1796253: scheduled delete of IKE SA
4a0d0938bc749d50/fb3a209de1c88106
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate

FortiGate-2601F (vsys3) # ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate


IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796272: generate DH public value request queued
ike 2:Israel-127.13:1796272: out
E47684B97E80F7E500000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C00000008040000142800006800140000E8CDF1D9E3C78AFAD8D2
D78317A7617BDAAD664E9DE1CA083ACED48BCCEF04C3926FD0CEE80
7B979D155625FDF8E686926BF5E5BA3FE867C7DB09DCF7333076D29818272E9241C884D2477DC4CD08A
805F968B6424E8022DD691FA78297ED6C429000024C370668775480
BDFB2A2E62D889E318D30E64AB7E7DE40024D42168C8123671A000000080000402E
ike 2:Israel-127.13:1796272: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=e47684b97e80f7e5/000000000000
0000
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # ike 2:Israel-127.13:Blr_lab-to-Israel: IPsec SA connect 9
192.8.202.121->192.8.127.13:0
ike 2:Israel-127.13:Blr_lab-to-Israel: using existing connection
ike 2:Israel-127.13:Blr_lab-to-Israel: config found
ike 2:Israel-127.13: request is on the queue
ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=e47684b97e80f7e5/c822b7dad6f398bb len=216
ike 2: in
E47684B97E80F7E5C822B7DAD6F398BB2120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C000000080400001428000068001400008B8AF84AF8B29E3887D08AAA3BDA49D4DFFCBD3C3C4
91CC02032AFA67EEE5645299D0D2F6531EAFBC8E1D7B9A301E1F8E3
D5979E803691139CB322198BAB00DE697F80E0DE1D9132E2F0418B5BC2F8E6EA3631AC7AFAB56D284AC
57C9905471100000024AFBCDD79FC48687887FBBBAC4A38FD7B9C8A
A3A8FCAB050539920AD713202A30
ike 2:Israel-127.13:1796272: initiator received SA_INIT response
ike 2:Israel-127.13:1796272: incoming proposal:
ike 2:Israel-127.13:1796272: proposal id = 1:
ike 2:Israel-127.13:1796272: protocol = IKEv2:
ike 2:Israel-127.13:1796272: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796272: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796272: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796272: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796272: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796272: matched proposal id 1
ike 2:Israel-127.13:1796272: proposal id = 1:
ike 2:Israel-127.13:1796272: protocol = IKEv2:
ike 2:Israel-127.13:1796272: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796272: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796272: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796272: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796272: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796272: lifetime=86400
ike 2:Israel-127.13:1796272: compute DH shared secret request queued
ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_ei
32:9A5792DF0ECF9CA666F3B8F4868D921DEFC18B57CE53D19BFF1371C58A2
6FDEB
ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_er
32:F2F206A0FCBD46E5BAAA8958263B2944C23E3E96B9A4209FC213FFCE866
37336
ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_ai
32:589ECBDA7732F0761233470DE2ED9253A6AE0856DBF8301F2897ADE7CAD
B7C18
ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_ar
32:7D301D16555206CBE40DF59B87690036096F36100D98C47B6E4FF85BCB6
66013
ike 2:Israel-127.13:1796272: initiator preparing AUTH msg
ike 2:Israel-127.13:1796272: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796272: enc
2900000C01000000C008CA7927000008000040002900002802000000F455890C850798B5B85354AB3F3
C48A63695729197B13D6DD
503FDBECFA68F1121000008000040242C00002C000000280103040357FD1A390300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796272: out
E47684B97E80F7E5C822B7DAD6F398BB2E20230800000001000000F0230000D450C754C92C4E8BDA5B5
E080C0235417A25B6E25AA
C19321594F2216D1F99E85A62227ACD1DF0BDC40992C3D09B76EAFCCF8F696E8A09336EA33AE07C146E
4C07D32E83D56417C148C9513DAB97DA16614979DA07A4393F50B4A
1560ED9D46E5A73ECC681EE56B8ADB0A01D6FF51509CB2C18120C290AFC72DD38FCDA725C71710ECB95
4DEF9C7CE668F9A4D64958AA1913C5E14AE0C218EA52A2258E3C4F4
CFFF8AD57A978F807B6C41E61EBCC0F7ECE3BD5FD660EBB706386FDD7CD170BDCD419A69C898057411F
C5F5C8FAC474A482
ike 2:Israel-127.13:1796272: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=e47684b97e80f7e5/c822b7dad6f398b
b:00000001
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # ike 2: comes 192.8.127.13:500-
>192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=e47684b97e80f7e5/c822b7dad6f398bb:00000001
len=80
ike 2: in
E47684B97E80F7E5C822B7DAD6F398BB2E202320000000010000005029000034E0C25A66F7D931B018E
FAC580A448FC0E592B454FA9F3BFFD99573C37A23F76A
3C9B9EBCBA5340CC63A4A787E1C6E9DA
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796272: dec
E47684B97E80F7E5C822B7DAD6F398BB2E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796272: initiator received AUTH msg
ike 2:Israel-127.13:1796272: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796272: schedule delete of IKE SA
e47684b97e80f7e5/c822b7dad6f398bb
ike 2:Israel-127.13:1796272: scheduled delete of IKE SA
e47684b97e80f7e5/c822b7dad6f398bb
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) # dike 2:Israel-127.13:Blr_lab-to-Israel: chosen to
populate IKE_SA traffic-selectors
ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
IKE_SA negotiation
ike 2:Israel-127.13:1796295: generate DH public value request queued
ike 2:Israel-127.13:1796295: out
70582F741BC732E300000000000000002120220800000000000000E0220000300000002C01010004030
0000C0100000C800E01000
300000802000005030000080300000C000000080400001428000068001400000FE881A0E2A1CE677C0D
115B0D9126D9161B52772493ADCF7DB263E2DC1161630764AD22B13
D44C4CB736395AF1EBA47C411C9F7A30FD94B98C7F3647AA0B5B5DA9332C9B75EEE4DA6EE97C5C280DD
5BA86D3D9882B2470FE136CA872AE6DAAA2900002452495B700A20F
C77F78644771003C2B25E5415E44AC286FB6AB409E0E0D1720D000000080000402E
ike 2:Israel-127.13:1796295: sent IKE msg (SA_INIT): 192.8.202.121:500-
>192.8.127.13:500, len=224, vrf=0, id=70582f741bc732e3/000000000000
0000
iike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=70582f741bc732e3/8039b6c0b6fde8e9 len=216
ike 2: in
70582F741BC732E38039B6C0B6FDE8E92120222000000000000000D8220000300000002C01010004030
0000C0100000C800E0100030000080200000503000008
0300000C00000008040000142800006800140000E627AD6A983D5ACC8D54341CE7C2F5CB8668EF7D129
2847B74E8520921AE0BCF87D74FBFCA2D5FD0D4D9D394E5AB437719
510A9A7CD280789B1A555A768FC53FF2A60C893483FF04C52CF60B5E00965DF774E0D6B5A9138826F2B
1A6FA2194D80000002441CA5DA7E9C0D6675606CB5459E67123325A
CE72799FA42ED49A46696ADE97CE
ike 2:Israel-127.13:1796295: initiator received SA_INIT response
ike 2:Israel-127.13:1796295: incoming proposal:
ike 2:Israel-127.13:1796295: proposal id = 1:
ike 2:Israel-127.13:1796295: protocol = IKEv2:
ike 2:Israel-127.13:1796295: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796295: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796295: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796295: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796295: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796295: matched proposal id 1
ike 2:Israel-127.13:1796295: proposal id = 1:
ike 2:Israel-127.13:1796295: protocol = IKEv2:
ike 2:Israel-127.13:1796295: encapsulation = IKEv2/none
ike 2:Israel-127.13:1796295: type=ENCR, val=AES_CBC (key_len = 256)
ike 2:Israel-127.13:1796295: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
ike 2:Israel-127.13:1796295: type=PRF, val=PRF_HMAC_SHA2_256
ike 2:Israel-127.13:1796295: type=DH_GROUP, val=ECP384.
ike 2:Israel-127.13:1796295: lifetime=86400
ike 2:Israel-127.13:1796295: compute DH shared secret request queued
ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_ei
32:908B708797126D611105FECD295236F0DBF0452DB7D7DD4710D17423575
57728
ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_er
32:8DEF37056E445BE3ECACDCD6EB6101A024A314D9AD57C69DEDE17DAB3E4
F85D5
ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_ai
32:687EA2CAAA684ADFFB8C7818FBC538C21B975DCE96702D218B58B719B80
6A24A
ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_ar
32:7CBC3440D562F1ACBFAFB13E8981CECD3B54FCCAA6942B6FD98881F9311
C2EE8
ike 2:Israel-127.13:1796295: initiator preparing AUTH msg
ike 2:Israel-127.13:1796295: sending INITIAL-CONTACT
ike 2:Israel-127.13:1796295: enc
2900000C01000000C008CA7927000008000040002900002802000000BEE7BC8A28E485BE74AECC31299
DB076A53903AD9D39E01BA
6600954D2747BF321000008000040242C00002C000000280103040357FD1A3C0300000C0100000C800E
0100030000080300000C00000008050000002D00001801000000070
000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
0C0B0A0908070605040302010F
ike 2:Israel-127.13:1796295: out
70582F741BC732E38039B6C0B6FDE8E92E20230800000001000000F0230
00D4999C09BE588CAF767AD3078DF2F78E637B8C41EB3C020644EDAC8F4CA194B8D6F6B67290C5C74E5
2A6D11E2851BC2926858A5D3B5ABA9BB20B0E06CE5C5EBE4A128A08
0A5D20A007C0122609671031ED19D88CCBF423ABF9D4ACBF054DBB85921243D84EA0A3287CDF83AAA9A
5EB6BA0193AEBD5F2D03DA3AA86E89166661B5C87B6F53D056A82A7
5E33456B6DD6C26ED2A617F0A3FF6B49918DA13D5A15DD76A668985BDC9CC12AF886D1F3268A1F8493C
453B2828E14FC2080F7FF120B4D0E188C204BCD3250637B73BF9970
221F4A
ike 2:Israel-127.13:1796295: sent IKE msg (AUTH): 192.8.202.121:500-
>192.8.127.13:500, len=240, vrf=0, id=70582f741bc732e3/8039b6c0b6fde8e
9:00000001
deike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
ike 2: IKEv2 exchange=AUTH_RESPONSE id=70582f741bc732e3/8039b6c0b6fde8e9:00000001
len=80
ike 2: in
70582F741BC732E38039B6C0B6FDE8E92E202320000000010000005029000034570C1E8890585FCCC31
02DEFE5A838246C7B447B722210C90E8D545C6F1F3393
BA48D982BD89DD47E49A64E27C220C9D
ike 2:Israel-127.13: HA state master(2)
ike 2:Israel-127.13:1796295: dec
70582F741BC732E38039B6C0B6FDE8E92E2023200000000100000028290000040000000800000018
ike 2:Israel-127.13:1796295: initiator received AUTH msg
ike 2:Israel-127.13:1796295: received notify type AUTHENTICATION_FAILED
ike 2:Israel-127.13:1796295: schedule delete of IKE SA
70582f741bc732e3/8039b6c0b6fde8e9
ike 2:Israel-127.13:1796295: scheduled delete of IKE SA
70582f741bc732e3/8039b6c0b6fde8e9
ike 2:Israel-127.13: connection expiring due to phase1 down
ike 2:Israel-127.13: deleting
ike 2:Israel-127.13: deleted
ike 2:Israel-127.13: schedule auto-negotiate
di

FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #
FortiGate-2601F (vsys3) #

You might also like