1970-01-01 01:11:23 avmike:<<< identity protection mode[10.2.0.1] ???: V1.0 196 IC 571384ec2fd93cb2 RC 00000000 0000 SA flags=1970-01-01 01:11:23 avmike:no phase1ss for cert users configured1970-01-01 01:11:23 avmike:10.2.0.1:500: new_neighbour_template failed
vpncfg { vpncfg_version = 1; connections { enabled = yes; editable = no; conn_type = conntype_lan; name = "C-Test_neu12"; boxuser_id = 0; always_renew = no; reject_not_encrypted = no; dont_filter_netbios = yes; localip = 0.0.0.0; local_virtualip = 0.0.0.0; remoteip = 0.0.0.0; remote_virtualip = 0.0.0.0; remotehostname = ""; keepalive_ip = 0.0.0.0; localid { fqdn = "SECRET"; } remoteid { fqdn = "SECRET"; } mode = phase1_mode_idp; phase1ss = "dh14/aes/sha"; keytype = connkeytype_pre_shared; key = "SECRET"; cert_do_server_auth = no; use_nat_t = no; use_xauth = no; use_cfgmode = no; phase2localid { ipnet { ipaddr = 192.168.10.0; mask = 255.255.255.0; } } phase2remoteid { ipnet { ipaddr = 10.100.0.0; mask = 255.255.255.0; } } phase2ss = "esp-aes-sha/ah-all/comp-lzjh-no/pfs"; accesslist = "permit ip 192.168.10.0 255.255.255.0 10.100.0.0 255.255.255.0"; app_id = 0; }}
Internet Security Association and Key Management Protocol Initiator SPI: b7ddbf282036d4cc Responder SPI: 0000000000000000 Next payload: Security Association (1) Version: 1.0 0001 .... = MjVer: 0x1 .... 0000 = MnVer: 0x0 Exchange type: Identity Protection (Main Mode) (2) Flags: 0x00 .... ...0 = Encryption: Not encrypted .... ..0. = Commit: No commit .... .0.. = Authentication: No authentication Message ID: 0x00000000 Length: 196 Payload: Security Association (1) Next payload: Vendor ID (13) Reserved: 00 Payload length: 52 Domain of interpretation: IPSEC (1) Situation: 00000001 .... .... .... .... .... .... .... ...1 = Identity Only: True .... .... .... .... .... .... .... ..0. = Secrecy: False .... .... .... .... .... .... .... .0.. = Integrity: False Payload: Proposal (2) # 0 Next payload: NONE / No Next Payload (0) Reserved: 00 Payload length: 40 Proposal number: 0 Protocol ID: ISAKMP (1) SPI Size: 0 Proposal transforms: 1 Payload: Transform (3) # 1 Next payload: NONE / No Next Payload (0) Reserved: 00 Payload length: 32 Transform number: 1 Transform ID: KEY_IKE (1) Reserved: 0000 IKE Attribute (t=1,l=2): Encryption-Algorithm: 3DES-CBC IKE Attribute (t=2,l=2): Hash-Algorithm: SHA IKE Attribute (t=4,l=2): Group-Description: 2048 bit MODP group IKE Attribute (t=3,l=2): Authentication-Method: Pre-shared key IKE Attribute (t=11,l=2): Life-Type: Seconds IKE Attribute (t=12,l=2): Life-Duration: 3600 Payload: Vendor ID (13) : XAUTH Next payload: Vendor ID (13) Reserved: 00 Payload length: 12 Vendor ID: 09002689dfd6b712 Vendor ID: XAUTH Payload: Vendor ID (13) : RFC 3706 DPD (Dead Peer Detection) Next payload: Vendor ID (13) Reserved: 00 Payload length: 20 Vendor ID: afcad71368a1f1c96b8696fc77570100 Vendor ID: RFC 3706 DPD (Dead Peer Detection) Payload: Vendor ID (13) : CISCO-UNITY 1.0 Next payload: Vendor ID (13) Reserved: 00 Payload length: 20 Vendor ID: 12f5f28c457168a9702d9fe274cc0100 Vendor ID: CISCO-UNITY CISCO-UNITY Major version: 1 CISCO-UNITY Minor version: 0 Payload: Vendor ID (13) : Cisco Fragmentation Next payload: Vendor ID (13) Reserved: 00 Payload length: 24 Vendor ID: 4048b7d56ebce88525e7de7f00d6c2d380000000 Vendor ID: Cisco Fragmentation Payload: Vendor ID (13) : RFC 3947 Negotiation of NAT-Traversal in the IKE Next payload: Vendor ID (13) Reserved: 00 Payload length: 20 Vendor ID: 4a131c81070358455c5728f20e95452f Vendor ID: RFC 3947 Negotiation of NAT-Traversal in the IKE Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n Next payload: NONE / No Next Payload (0) Reserved: 00 Payload length: 20 Vendor ID: 90cb80913ebb696e086381b5ec427b1f Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n