Hi
I have a Fortigate 91G and created an IPSEC site to site tunnel to a firewall of an external partner with preshared key (I think Cisco Firewall but info is not disclosed). The tunnel drops from time to time - there is no pattern why. It reconnects immediately but the session for users is lost and they need to turn off and on their LAN / VPN connection to be able to reconnect to the partner's systems. I checked the configuration multiple time and it's exactly the same as the partner uses (IKEv2, preshared key, Phase1: SHA256, AES256, Diffie-Hellman 14, Key-Lifetime 43200, Phase2 Lifetime: 3600s).
I tried turning on and off the Phase2 Auto-negotiate and Auto Key Keepalive options but the tunnel keeps going down. I can't really tell why it goes down because I don't see anything in the logs - maybe I am looking at the wrong place. I can tell that this is only happening during work time, the tunnel is stable outside of working hours.
Solved! Go to Solution.
It is resolved by now! After I tried many things to resolve this, one of these have fixed it:
1. My best guess is I disabled NAT-T on the IPSEC tunnel's network settings as there was also a SNAT configured in Central SNAT and I think it interfered.
2. I removed some of the partner networks IPs of allowed IPs in the settings of another OpenVPN service that did not work. It might have interfered with the traffic resulting in packages being dropped.
Hi it_admin_icongroup,
Check if the issue affects one VPN or all configured VPNs.
If all VPN tunnels are affected, check the internet connection and run the following commands to find errors/logs associated with the firewall/interface:
- diagnose debug crashlog read
- diagnose sys top 2 50 (press Ctrl + C to stop after running for 5 iterations)
- get system performance status
- diagnose hardware sysinfo conserve
- diagnose hardware deviceinfo nic <interface-name>
- execute tac report
If only one tunnel is flapping, collect the 'VPN Events' log.
Please refer to the Point7 of the below document:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Troubleshooting-IPsec-Site-to-Site-T...
Additionally, we need to collect the IKE debug logs to diagnose the issue.
diagnose vpn ike gateway list (or diagnose vpn ike gateway list name <tunnel-name>)
diagnose vpn ike log-filter dst-addr4 10.10.100.109 ---> 10.10.100.109 is the remote gateway
diagnose debug console timestamp enable
diagnose debug application ike -1
diagnose debug enable
Regards,
Aman
Thanks for your reply, kaman.
Attached are debug logs and VPN Event logs, one time filtered what happens before and after the tunnel drops. Debug logs says:
eceived informational request
processing notify type INVALID_SPI
malformed payload (spi_size=0 != 4)
Do you know what to make out of that?
 
  
Hi it_admin_icongroup,
"processing notify type INVALID_SPI"
Here are some of the most common causes of the "processing notify type INVALID_SPI" error:
> Incorrect IPSec configuration: If the IPSec configuration on either the Fortigate device or the IPSec peer is incorrect, the SPI values may not match, causing the error.
> Network connectivity issues: If there are network connectivity issues between the IPSec peers, the IPSec packets may not be able to reach the destination, causing the error.
> Problems with the IPSec peer: If the IPSec peer is experiencing problems, it may not be able to initiate the SA correctly, resulting in the error.
" malformed payload (spi_size=0 != 4)"
> The message indicates that there is a problem with the payload of an IPSec packet.
> The part "spi_size=0 != 4" of the error message refers to the size of the Security Parameter Index (SPI) field in the IPSec packet. The SPI is a value that identifies the security association (SA) for a particular IPSec connection. In IPSec, the SPI is always 4 bytes in size.
> The error message indicates that the SPI size received in an IPSec packet is 0, which is not the expected size of 4 bytes. This means that the IPSec packet is malformed and cannot be processed correctly.
Kindly change the dpd settings to 'on-idle' on the ipsec vpn tunnel phase1 setting:
config vpn ipsec phase1-interface
edit <tunnel-name>
set dpd on-idle
end
Once you have made the change to the configuration, if you have the same issue, run the debug below:
diagnose debug console timestamp enable
diagnose debug application ike -1
diagnose debug enable
Collect the logs.....
diagnose debug dis
If you have found a solution, please like and accept it to make it easily accessible to others.
Regards,
Aman
Hi kaman
I changed the dpd settings to "on-idle" in phase1 and collected another log.
I think there is an SPI mismatch, but our technical contact for the other side's firewall insists that the settings we did (Replay Detection, PFS, auto-negotiate, autokey keep alive) are correct.
Firewall # diagnose debug console timestamp enable
Firewall # diagnose debug application ike -1
Debug messages will be on for 2 minutes.
Firewall # diagnose debug enable
Firewall # 2025-01-15 10:44:33.369387 ike 0:XXXXXXXXX: link is idle 3 XXXXXXXXX->XXXXXXXXX:0 dpd=1 seqno=89310 rr=0
2025-01-15 10:44:33.369427 ike 0:XXXXXXXXX:120308: send IKEv2 DPD probe, seqno 89310
2025-01-15 10:44:33.369438 ike 0:XXXXXXXXX:277381: sending NOTIFY msg
2025-01-15 10:44:33.369446 ike 0:XXXXXXXXX:120308:277381: send informational
2025-01-15 10:44:33.369463 ike 0:XXXXXXXXX:120308: enc 0F0E0D0C0B0A0908070605040302010F
2025-01-15 10:44:33.369514 ike 0:XXXXXXXXX:120308: out 01179DF404DEC7CC500C51F1457569B32E20250000000001000000500000003488FA33DB72D81BE6E9894604579DB7EA14875D9C5E3B930EB210CDBA85EFD
44812AC7EF2E22B44A6627C499988DAA209
2025-01-15 10:44:33.369547 ike 0:XXXXXXXXX:120308: sent IKE msg (INFORMATIONAL): XXXXXXXXX:500->XXXXXXXXX:500, len=80, vrf=0, id=01179df404dec7cc/500c51f1457569b3:00000001
2025-01-15 10:44:36.363061 ike 0:XXXXXXXXX:120308: out 01179DF404DEC7CC500C51F1457569B32E20250000000001000000500000003488FA33DB72D81BE6E9894604579DB7EA14875D9C5E3B930EB210CDBA85EFD
44812AC7EF2E22B44A6627C499988DAA209
2025-01-15 10:44:36.363129 ike 0:XXXXXXXXX:120308: sent IKE msg (RETRANSMIT_INFORMATIONAL): XXXXXXXXX:500->XXXXXXXXX:500, len=80, vrf=0, id=01179df404dec7cc/500c51f1457569
b3:00000001
2025-01-15 10:44:39.804697 ike 0: comes XXXXXXXXX:500->XXXXXXXXX:500,ifindex=3,vrf=0....
2025-01-15 10:44:39.804739 ike 0: IKEv2 exchange=SA_INIT id=3c5faf9a7ecd25f6/0000000000000000 len=1234
2025-01-15 10:44:39.804755 ike 0: in 3C5FAF9A7ECD25F600000000000000002120220800000000000004D2220002C40200004C010100080300000C0100000C800E01000300000802000007030000080200000603000
00802000005030000080300000E030000080300000D030000080300000C000000080400000E0200005C0201000A0300000C0100000C800E0100030000080200000703000008020000060300000802000005030000080300000
E030000080300000D030000080300000C0300000804000010030000080400000F000000080400000E0200005C0301000A0300000C0100000C800E0100030000080200000703000008020000060300000802000005030000080
300000E030000080300000D030000080300000C0300000804000010030000080400000F000000080400000E0200004C040100080300000C01000014800E0100030000080200000703000008020000060300000802000005030
000080400001F0300000804000015030000080400001400000008040000130200005C0501000A0300000C0100000C800E0100030000080200000703000008020000060300000802000005030000080300000E0300000803000
00D030000080300000C0300000804000010030000080400000F000000080400000E0200005C0601000A0300000C0100000C800E0100030000080200000703000008020000060300000802000005030000080300000E0300000
80300000D030000080300000C0300000804000015030000080400001400000008040000130200005C0701000A0300000C0100000C800E0100030000080200000703000008020000060300000802000005030000080300000E0
30000080300000D030000080300000C0300000804000015030000080400001400000008040000130000005C0801000A0300000C0100000C800E010003000008020000070300000802000006030000080200000503000008030
0000E030000080300000D030000080300000C03000008040000150300000804000014000000080400001328000108000E000030BC6FD54B95B5893A22811D257715852D33356C72BBE59136ECA4493FFF58089DAEFC1E23F70
811C83B975835A44B5DE074D0F656494063E76DE34AB0A097563ED75D198443FF07755ABC83EED36C8FD4F307E1251B3157C1D80A1B56BA92083A629032D72FC12F87C8D1B51446A5B000DAB6AE2A8C0204951AB8304C280ED
1D13BFF4764B7646B72AADBF31E6023E3225B50F6CBCC071029A4967137400E1F08EE7877D75ECC65A5622A29E37357965CED3FB9C3710B0E19E2B756EDB717DA2E9C93A7B3A36BE0F0773A8B00954B2FBC2EFDDA00C6A7220
CBF675120D47634AE1881805CCEAF5B0D35344DAFA31877C0F20E47D673021CBD479E963555F9862B00004409C26D841A764AD765A5C302853A94D56885B5B001B5AE4A1DB150594941B727B8BAADEB3AB5EFDDFE2063E2D4C
24F18073D78DA2AA1C870B96705DB9808F9342B000017434953434F2D44454C4554452D524541534F4E2900003B434953434F28434F505952494748542926436F7079726967687420286329203230303920436973636F20537
97374656D732C20496E632E2900001C010040048D694D88F95A7260C091BE571D0B16E5E9573F9F2900001C01004005ACE4385F8FB4E1D7C1E6C5B9CEB00FB35B84519D2B0000080000402E000000144048B7D56EBCE88525E
7DE7F00D6C2D3
2025-01-15 10:44:39.804818 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: responder received SA_INIT msg
2025-01-15 10:44:39.804831 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: VID unknown (19): CISCO-DELETE-REASON
2025-01-15 10:44:39.804840 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: VID unknown (55): CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc.
2025-01-15 10:44:39.804850 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: received notify type NAT_DETECTION_SOURCE_IP
2025-01-15 10:44:39.804860 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: received notify type NAT_DETECTION_DESTINATION_IP
2025-01-15 10:44:39.804869 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: received notify type FRAGMENTATION_SUPPORTED
2025-01-15 10:44:39.804879 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
2025-01-15 10:44:39.804908 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: incoming proposal:
2025-01-15 10:44:39.804917 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 1:
2025-01-15 10:44:39.804923 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.804929 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.804935 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.804942 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.804952 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-15 10:44:39.804959 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-15 10:44:39.804964 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.804969 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.804974 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.804979 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP2048.
2025-01-15 10:44:39.804986 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 2:
2025-01-15 10:44:39.804991 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.804995 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805001 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.805005 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.805010 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-15 10:44:39.805014 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-15 10:44:39.805019 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805024 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.805028 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.805033 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP2048.
2025-01-15 10:44:39.805038 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP3072.
2025-01-15 10:44:39.805043 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP4096.
2025-01-15 10:44:39.805050 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 3:
2025-01-15 10:44:39.805055 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.805060 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805064 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.805069 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.805073 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-15 10:44:39.805078 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-15 10:44:39.805083 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805088 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.805093 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.805097 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP2048.
2025-01-15 10:44:39.805102 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP3072.
2025-01-15 10:44:39.805107 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP4096.
2025-01-15 10:44:39.805114 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 4:
2025-01-15 10:44:39.805118 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.805123 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805128 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_GCM_16 (key_len = 256)
2025-01-15 10:44:39.805133 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805138 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.805142 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.805147 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP256.
2025-01-15 10:44:39.805152 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP384.
2025-01-15 10:44:39.805156 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP521.
2025-01-15 10:44:39.805161 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=CURVE25519.
2025-01-15 10:44:39.805169 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 5:
2025-01-15 10:44:39.805174 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.805178 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805183 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.805188 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.805192 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-15 10:44:39.805197 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-15 10:44:39.805201 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805206 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.805211 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.805216 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP2048.
2025-01-15 10:44:39.805220 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP3072.
2025-01-15 10:44:39.805225 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP4096.
2025-01-15 10:44:39.805232 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 6:
2025-01-15 10:44:39.805237 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.805241 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805246 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.805251 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.805256 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-15 10:44:39.805260 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-15 10:44:39.805265 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805269 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.805274 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.805278 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP256.
2025-01-15 10:44:39.805283 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP384.
2025-01-15 10:44:39.805287 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP521.
2025-01-15 10:44:39.805295 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 7:
2025-01-15 10:44:39.805299 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.805303 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805308 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.805313 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.805318 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-15 10:44:39.805322 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-15 10:44:39.805327 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805331 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.805342 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.805347 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP256.
2025-01-15 10:44:39.805352 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP384.
2025-01-15 10:44:39.805356 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP521.
2025-01-15 10:44:39.805363 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 8:
2025-01-15 10:44:39.805368 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.805373 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805377 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.805382 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.805386 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-15 10:44:39.805391 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-15 10:44:39.805396 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805400 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-15 10:44:39.805405 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-15 10:44:39.805409 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP256.
2025-01-15 10:44:39.805414 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP384.
2025-01-15 10:44:39.805418 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=ECP521.
2025-01-15 10:44:39.805430 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: matched proposal id 1
2025-01-15 10:44:39.805438 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: proposal id = 1:
2025-01-15 10:44:39.805442 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: protocol = IKEv2:
2025-01-15 10:44:39.805446 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: encapsulation = IKEv2/none
2025-01-15 10:44:39.805451 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.805455 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-15 10:44:39.805460 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-15 10:44:39.805465 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: type=DH_GROUP, val=MODP2048.
2025-01-15 10:44:39.805469 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: lifetime=43200
2025-01-15 10:44:39.805477 ike 0:3c5faf9a7ecd25f6/0000000000000000:120342: SA proposal chosen, matched gateway XXXXXXXXX
2025-01-15 10:44:39.805484 ike 0: found XXXXXXXXX XXXXXXXXX 3 -> XXXXXXXXX:500
2025-01-15 10:44:39.805497 ike 0:XXXXXXXXX:120342: processing notify type NAT_DETECTION_SOURCE_IP
2025-01-15 10:44:39.805527 ike 0:XXXXXXXXX:120342: processing NAT-D payload
2025-01-15 10:44:39.805537 ike 0:XXXXXXXXX:120342: NAT not detected
2025-01-15 10:44:39.805542 ike 0:XXXXXXXXX:120342: process NAT-D
2025-01-15 10:44:39.805547 ike 0:XXXXXXXXX:120342: processing notify type NAT_DETECTION_DESTINATION_IP
2025-01-15 10:44:39.805562 ike 0:XXXXXXXXX:120342: processing NAT-D payload
2025-01-15 10:44:39.805567 ike 0:XXXXXXXXX:120342: NAT not detected
2025-01-15 10:44:39.805572 ike 0:XXXXXXXXX:120342: process NAT-D
2025-01-15 10:44:39.805576 ike 0:XXXXXXXXX:120342: processing notify type FRAGMENTATION_SUPPORTED
2025-01-15 10:44:39.805612 ike 0:XXXXXXXXX:120342: responder preparing SA_INIT msg
2025-01-15 10:44:39.805633 ike 0:XXXXXXXXX:120342: generate DH public value request queued
2025-01-15 10:44:39.805661 ike 0:XXXXXXXXX:120342: responder preparing SA_INIT msg
2025-01-15 10:44:39.805676 ike 0:XXXXXXXXX:120342: compute DH shared secret request queued
2025-01-15 10:44:39.808938 ike 0:XXXXXXXXX:120342: responder preparing SA_INIT msg
2025-01-15 10:44:39.808954 ike 0:XXXXXXXXX:120342: create NAT-D hash local XXXXXXXXX/500 remote XXXXXXXXX/500
2025-01-15 10:44:39.808969 ike 0:XXXXXXXXX:120342: out 3C5FAF9A7ECD25F617576DE84593765C2120222000000000000001A8220000300000002C010100040300000C0100000C800E0100030000080200000503000
0080300000C000000080400000E28000108000E0000C793CC84CBE475E35BBFC01E32C82B45FBEFB6C533C0CC0A6A08D53C2E7A744A2BA377A8C42C3DC105CBC63DFD30B1292ED647ABD547E0B3C5D02328407DB7C18871270
8D1FDD407BCEF68B1AAF001D249CB972479F224BCEC577E577DEA9BC6ABE582B79A576AA6C9C55AD6726E176F91D51EB43E7715E9A019401EF58555B176C3A3C4BFF9ECF230AB18D97D88C409D0FC660A305601AF880F4B9DD
96335036CB5FE0AE0BDF78A14FC0663840E39BDF9118F61A5404DF9870F11FA97F6B7BCFACC17CA64029DCF29E5CE373511A7D3D5AB035757437ED7DE1AA84CBA989C3366CA5FA030D23681556C557A3A7D1725D78E3374035
600AA34A6EDF3052BC7FD29000014C3F4980BEAA17CA4E6E403EB42185A5A2900001C0000400444BCA4280197659454D5C34CF0454522B6D7CC1F2900001C00004005AEC17408B1EAC8AA89EAFD7CD2C64EA56A14B9E700000
0080000402E
2025-01-15 10:44:39.809007 ike 0:XXXXXXXXX:120342: sent IKE msg (SA_INIT_RESPONSE): XXXXXXXXX:500->XXXXXXXXX:500, len=424, vrf=0, id=3c5faf9a7ecd25f6/17576de84593765c
2025-01-15 10:44:39.809063 ike 0:XXXXXXXXX:120342: IKE SA 3c5faf9a7ecd25f6/17576de84593765c SK_ei 32:6078C329537473A2C7E8FB869F896CF6BE886A134F06919B438B05853A4149F2
2025-01-15 10:44:39.809072 ike 0:XXXXXXXXX:120342: IKE SA 3c5faf9a7ecd25f6/17576de84593765c SK_er 32:6C26C3D30A8F777AE0EC6D10BE91097E5A2DB23593737BCA82F4015AE7345FC2
2025-01-15 10:44:39.809080 ike 0:XXXXXXXXX:120342: IKE SA 3c5faf9a7ecd25f6/17576de84593765c SK_ai 32:1C08A22F9DCB350AFAF75E58198DEC400317BC1579C58DB8E55920B7C965019A
2025-01-15 10:44:39.809087 ike 0:XXXXXXXXX:120342: IKE SA 3c5faf9a7ecd25f6/17576de84593765c SK_ar 32:732AE78CD7722D83B4AE9952EC344BF8BC6B50185FB1C1AFC2EED762A49B362B
2025-01-15 10:44:39.810596 ike 0: comes XXXXXXXXX:500->XXXXXXXXX:500,ifindex=3,vrf=0....
2025-01-15 10:44:39.810608 ike 0: IKEv2 exchange=AUTH id=3c5faf9a7ecd25f6/17576de84593765c:00000001 len=288
2025-01-15 10:44:39.810618 ike 0: in 3C5FAF9A7ECD25F617576DE84593765C2E20230800000001000001202B000104DD4F54DD4E8625C80E2870D918FB5CF5209E447F25DEED9BC1261DF618CB221A1AA085911BCE5
B318B341AFE91441EF94CA0F5CCBF7DE2ACB07AE033F9E2F925716C6025E2B549CBAF4B181F7098EC2253978DC3D3FFB8B3FD938587B7EEC63C458751E05F2E8C287D964177FBC1FD293613EEDBF962E44A1A53079CFAE729B
39E5DCA3AD8A71A03AEC912EE06B41F8798BD06D624D541F0122EAF78EA4BD099CF30A9802AAB8ABD8101C8B3BD67E72BC84CED0FAEA818480E6EE538DB6B9A19553942EF8575128E797E01A744C5DA9011A6DD46251CAA79D
A84C29DA26DB4A6E9B51BD92218061FDAF8EC6EBE587BE8BAEA9E794870E5BEB14B9757791F1A92
2025-01-15 10:44:39.810651 ike 0:XXXXXXXXX:120342: dec 3C5FAF9A7ECD25F617576DE84593765C2E20230800000001000000FC2B000004230000143E5FAE9A6DFAD6B13D62E82673C0D20E2700000C010000003EF59
6722100002802000000F03D5519A89E9EC8DB54C48FA53E7C97EB86EE4C48F730FDEBA6916AE50FA0522C00002C0000002801030403576286220300000C0100000C800E0100030000080300000C00000008050000002D00002
802000000070000100000FFFFA030A72DA030A72D070000100000FFFFA0300000A033FFFF2900002802000000070000100000FFFFAC121A90AC121A90070000100000FFFFAC121A90AC121A9F2900000801004000290000080
100400A000000080100400B
2025-01-15 10:44:39.810665 ike 0:XXXXXXXXX:120342: responder received AUTH msg
2025-01-15 10:44:39.810672 ike 0:XXXXXXXXX:120342: processing notify type INITIAL_CONTACT
2025-01-15 10:44:39.810694 ike 0:XXXXXXXXX:120342: processing notify type ESP_TFC_PADDING_NOT_SUPPORTED
2025-01-15 10:44:39.810708 ike 0:XXXXXXXXX:120342: processing notify type NON_FIRST_FRAGMENTS_ALSO
2025-01-15 10:44:39.810726 ike 0:XXXXXXXXX:120342: peer identifier IPV4_ADDR XXXXXXXXX
2025-01-15 10:44:39.810749 ike 0:XXXXXXXXX:120342: auth verify done
2025-01-15 10:44:39.810755 ike 0:XXXXXXXXX:120342: responder AUTH continuation
2025-01-15 10:44:39.810759 ike 0:XXXXXXXXX:120342: authentication succeeded
2025-01-15 10:44:39.810776 ike 0:XXXXXXXXX:120342: responder creating new child
2025-01-15 10:44:39.810794 ike 0:XXXXXXXXX:120342:277382: peer proposal:
2025-01-15 10:44:39.810803 ike 0:XXXXXXXXX:120342:277382: TSi_0 0:XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:39.810810 ike 0:XXXXXXXXX:120342:277382: TSi_1 0:XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:39.810815 ike 0:XXXXXXXXX:120342:277382: TSr_0 0:1XXXXXXXXX-1XXXXXXXXX:0
2025-01-15 10:44:39.810821 ike 0:XXXXXXXXX:120342:277382: TSr_1 0:1XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:39.810825 ike 0:XXXXXXXXX:120342:XXXXXXXXX:277382: comparing selectors
2025-01-15 10:44:39.810833 ike 0:XXXXXXXXX:120342:XXXXXXXXX10:277382: comparing selectors
2025-01-15 10:44:39.810838 ike 0:XXXXXXXXX:120342:XXXXXXXXX2:277382: comparing selectors
2025-01-15 10:44:39.810844 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277382: comparing selectors
2025-01-15 10:44:39.810848 ike 0:XXXXXXXXX:120342:XXXXXXXXX4:277382: comparing selectors
2025-01-15 10:44:39.810854 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: comparing selectors
2025-01-15 10:44:39.810858 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: matched by rfc-rule-2
2025-01-15 10:44:39.810863 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: phase2 matched by subset
2025-01-15 10:44:39.810872 ike 0:XXXXXXXXX:120342:277382: local narrowing exactly matches static selector
2025-01-15 10:44:39.810877 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: accepted proposal:
2025-01-15 10:44:39.810882 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: TSi_0 0:XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:39.810889 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: TSr_0 0:1XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:39.810894 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: autokey
2025-01-15 10:44:39.810903 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: incoming child SA proposal:
2025-01-15 10:44:39.810909 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: proposal id = 1:
2025-01-15 10:44:39.810913 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: protocol = ESP:
2025-01-15 10:44:39.810918 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: encapsulation = TUNNEL
2025-01-15 10:44:39.810923 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.810928 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: type=INTEGR, val=SHA256
2025-01-15 10:44:39.810932 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: type=ESN, val=NO
2025-01-15 10:44:39.810937 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: PFS is disabled
2025-01-15 10:44:39.810943 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: matched proposal id 1
2025-01-15 10:44:39.810948 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: proposal id = 1:
2025-01-15 10:44:39.810952 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: protocol = ESP:
2025-01-15 10:44:39.810957 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: encapsulation = TUNNEL
2025-01-15 10:44:39.810961 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:39.810966 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: type=INTEGR, val=SHA256
2025-01-15 10:44:39.810971 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: type=ESN, val=NO
2025-01-15 10:44:39.810975 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: PFS is disabled
2025-01-15 10:44:39.810979 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: lifetime=3600
2025-01-15 10:44:39.810999 ike 0:XXXXXXXXX:120342: responder preparing AUTH msg
2025-01-15 10:44:39.811008 ike 0:XXXXXXXXX:120342: established IKE SA 3c5faf9a7ecd25f6/17576de84593765c
2025-01-15 10:44:39.811031 ike 0:XXXXXXXXX:120342: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=0
2025-01-15 10:44:39.811038 ike 0:XXXXXXXXX:120342: processing INITIAL-CONTACT
2025-01-15 10:44:39.811043 ike 0:XXXXXXXXX: flushing
2025-01-15 10:44:39.811096 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 3612111a
2025-01-15 10:44:39.811154 ike 0:XXXXXXXXX:XXXXXXXXX3: deleted IPsec SA with SPI 3612111a, SA count: 0
2025-01-15 10:44:39.811160 ike 0:XXXXXXXXX: sending SNMP tunnel DOWN trap for XXXXXXXXX3
2025-01-15 10:44:39.811199 ike 0:XXXXXXXXX: static tunnel down event 0.0.0.0 (dev=24)
2025-01-15 10:44:39.811230 ike 0:XXXXXXXXX: static tunnel down event :: (dev=24)
2025-01-15 10:44:39.811243 ike 0:XXXXXXXXX:120308:XXXXXXXXX3:277304: sending delete for IPsec SA SPI 020dce2b
2025-01-15 10:44:39.811251 ike 0:XXXXXXXXX:120308::277383: wait for pending request :277381
2025-01-15 10:44:39.811282 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 010a5dd6
2025-01-15 10:44:39.811328 ike 0:XXXXXXXXX:XXXXXXXXX5: deleted IPsec SA with SPI 010a5dd6, SA count: 0
2025-01-15 10:44:39.811333 ike 0:XXXXXXXXX: sending SNMP tunnel DOWN trap for XXXXXXXXX5
2025-01-15 10:44:39.811357 ike 0:XXXXXXXXX: static tunnel down event 0.0.0.0 (dev=24)
2025-01-15 10:44:39.811373 ike 0:XXXXXXXXX: static tunnel down event :: (dev=24)
2025-01-15 10:44:39.811388 ike 0:XXXXXXXXX:120308:XXXXXXXXX5:277309: sending delete for IPsec SA SPI 020dce2c
2025-01-15 10:44:39.811396 ike 0:XXXXXXXXX:120308::277384: wait for pending request :277381
2025-01-15 10:44:39.811425 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 29008f78
2025-01-15 10:44:39.811471 ike 0:XXXXXXXXX:XXXXXXXXX6: deleted IPsec SA with SPI 29008f78, SA count: 0
2025-01-15 10:44:39.811476 ike 0:XXXXXXXXX: sending SNMP tunnel DOWN trap for XXXXXXXXX6
2025-01-15 10:44:39.811499 ike 0:XXXXXXXXX: static tunnel down event 0.0.0.0 (dev=24)
2025-01-15 10:44:39.811514 ike 0:XXXXXXXXX: static tunnel down event :: (dev=24)
2025-01-15 10:44:39.811531 ike 0:XXXXXXXXX:120308:XXXXXXXXX6:277332: sending delete for IPsec SA SPI 020dce2d
2025-01-15 10:44:39.811539 ike 0:XXXXXXXXX:120308::277385: wait for pending request :277381
2025-01-15 10:44:39.811571 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 3612111a
2025-01-15 10:44:39.811586 ike 0:XXXXXXXXX: IPsec SA with SPI 3612111a deletion failed: 2
2025-01-15 10:44:39.811591 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 010a5dd6
2025-01-15 10:44:39.811606 ike 0:XXXXXXXXX: IPsec SA with SPI 010a5dd6 deletion failed: 2
2025-01-15 10:44:39.811611 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 29008f78
2025-01-15 10:44:39.811628 ike 0:XXXXXXXXX: IPsec SA with SPI 29008f78 deletion failed: 2
2025-01-15 10:44:39.811638 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 3612111a
2025-01-15 10:44:39.811654 ike 0:XXXXXXXXX: IPsec SA with SPI 3612111a deletion failed: 2
2025-01-15 10:44:39.811664 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 010a5dd6
2025-01-15 10:44:39.811679 ike 0:XXXXXXXXX: IPsec SA with SPI 010a5dd6 deletion failed: 2
2025-01-15 10:44:39.811689 ike 0:XXXXXXXXX: deleting IPsec SA with SPI 29008f78
2025-01-15 10:44:39.811707 ike 0:XXXXXXXXX: IPsec SA with SPI 29008f78 deletion failed: 2
2025-01-15 10:44:39.811739 ike 0:XXXXXXXXX:120308:277386: send informational
2025-01-15 10:44:39.811752 ike 0:XXXXXXXXX:120308: enc 00000008010000000706050403020107
2025-01-15 10:44:39.811783 ike 0:XXXXXXXXX:120308: out 01179DF404DEC7CC500C51F1457569B32E20250000000001000000502A000034FCE504808CF516F0B646D883D29D04272E09EBF1D5E0A49724D0A4FF8891B
858051DDAE574CE52BB10E3638BD4D9C40F
2025-01-15 10:44:39.811813 ike 0:XXXXXXXXX:120308: sent IKE msg (INFORMATIONAL): XXXXXXXXX:500->XXXXXXXXX:500, len=80, vrf=0, id=01179df404dec7cc/500c51f1457569b3:00000001
2025-01-15 10:44:39.811849 ike 0:XXXXXXXXX: schedule auto-negotiate
2025-01-15 10:44:39.811891 ike 0:XXXXXXXXX: flushed
2025-01-15 10:44:39.811897 ike 0:XXXXXXXXX:120342: processed INITIAL-CONTACT
2025-01-15 10:44:39.811920 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: replay protection enabled
2025-01-15 10:44:39.811928 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: set sa life soft seconds=3333.
2025-01-15 10:44:39.811933 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: set sa life hard seconds=3600.
2025-01-15 10:44:39.811954 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: IPsec SA selectors #src=1 #dst=1
2025-01-15 10:44:39.811962 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: src 0 7 0:1XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:39.811968 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: dst 0 7 0:XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:39.811974 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: add IPsec SA: SPIs=020dce32/57628622
2025-01-15 10:44:39.811980 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: IPsec SA dec spi 020dce32 key 32:87C5EE351A78444992BA0A90D8A9C123F7C9FFBDDD448972670D3A217B8AC21F auth 32:C8B81CE
4A98634FC893673226C0D0E0F9C75B8411259B48B160C8E54577EED49
2025-01-15 10:44:39.811987 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: IPsec SA enc spi 57628622 key 32:4E094BF3288726D8F7E31FE9D462F9CC9D98864B37F108EAAEDE69FBC180EA95 auth 32:52758C2
80747ABB83EDFA910199A255B1E6DEE46BAB3FFB97B9C4F0B7E8C69A0
2025-01-15 10:44:39.812026 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: added IPsec SA: SPIs=020dce32/57628622
2025-01-15 10:44:39.812048 ike 0:XXXXXXXXX:120342:XXXXXXXXX5:277382: sending SNMP tunnel UP trap
2025-01-15 10:44:39.812058 ike 0:XXXXXXXXX: static tunnel up event 0.0.0.0 (dev=24)
2025-01-15 10:44:39.812079 ike 0:XXXXXXXXX: static tunnel up event :: (dev=24)
2025-01-15 10:44:39.812131 ike 0:XXXXXXXXX:120342: enc 2700000C01000000528760C42100002802000000F179AE46E815BAE8161A81E3DD44D6E1A6AE6C26DD0095EE30E290DDEEEC71F22C00002C0000002801030
403020DCE320300000C0100000C800E0100030000080300000C00000008050000002D00001801000000070000100000FFFFA0300000A033FFFF0000001801000000070000100000FFFFAC121A90AC121A9F0F0E0D0C0B0A090
8070605040302010F
2025-01-15 10:44:39.812159 ike 0:XXXXXXXXX:120342: out 3C5FAF9A7ECD25F617576DE84593765C2E20232000000001000000E0240000C49AB1D632AD8A316CEC4F69FECB76865308BA47C3B228B722BA523E81770C5
8AAACBF154548B7A2DA2D66CB245CFB485C243F9E96F4DE117405E8FF7F47200ABF1BE1F60C8052A81B9CCFC4B0EDDA8CA1F1A0227CEB916571900903335E2C2E9E2B22CD9C25837D5590C77D133BFAD349543771BE9734B95
9622DA1B77FFCE1CB509B25D0C5926FEA9942DFB52080DF21D6C656B2F280E2B449420C28709BA7DB1A1185A3A67D8FED8FB45EBDC78362D6D4847B9018FFD166E69C28BBC10E8C2B
2025-01-15 10:44:39.812186 ike 0:XXXXXXXXX:120342: sent IKE msg (AUTH_RESPONSE): XXXXXXXXX:500->XXXXXXXXX:500, len=224, vrf=0, id=3c5faf9a7ecd25f6/17576de84593765c:0000000
1
2025-01-15 10:44:39.814184 ike 0:XXXXXXXXX: link is idle 3 XXXXXXXXX->XXXXXXXXX:0 dpd=1 seqno=89311 rr=0
2025-01-15 10:44:44.854317 ike 0: comes XXXXXXXXX:500->XXXXXXXXX:500,ifindex=3,vrf=0....
2025-01-15 10:44:44.854344 ike 0: IKEv2 exchange=CREATE_CHILD id=3c5faf9a7ecd25f6/17576de84593765c:00000002 len=544
2025-01-15 10:44:44.854377 ike 0: in 3C5FAF9A7ECD25F617576DE84593765C2E202408000000020000022021000204E9B51BD92218061FDAF8EC6EBE587BE8A29886018E275F66882B7A596EAFD6675329379D11B52
4F94E37C4562B7CB83355691CAAE0FE2C1DAD9E6BDD3B30A8BDBBFCEBFDF3C58CC65B6B1EB93BE818F7E69062A59778EDF12E06796E9C6151408D75A0A1BE7954D9A052ADA184BD101C7BDDB80CEA263B180660A963EF95EE4
4AB8C896365DC381C808645A73679A7D9AC0D3AA1CA6337A66559FDD40816DF9CE5CC85DDA11F53C8C298E3C807F3AD8AB60C8C3F0ECB3C90702D80097CDBEEBB2FE050CC6F240E5C9AEF3388B812876F68D561B14EBFA311A
D63F5D786F6AC529A2B837EF5D4BB617142955AE4646D861B1B0DFFF52841BC37A27348445C753BC357B462CF2FEDE64B5F8438AF7DD361FA086BFC5A7FE1C13CEFD3201DF1FD6DBC9F3A24E83A4085E7A21A988257FC5D084
4C914B21628358E81CAF1CDD2FD3F6940C7EF124709D9FCE015089F32D13B6352122DBC725875472E49E6A0F616EA502AF119D644E8607A1160F0002BF58D9573F0F7251F3AF632F310BDB05D1BF928EDFE29B7E3527E84F1A
1824476028FB98B3C5A921DC720D3D4E81D13EFFDC40987C557788AD5049D13D4325F6CECAE984F34DF14391507E10CFD73B15BCCF95BA4F249BAD96E07A09D11D7288855E2806B6E2C4EA995AD365F21B94CDED155EEAEBCB
0930FEFC47A9EBBE157FDFE2F7646957B115B6A3175B88C271585CE89
2025-01-15 10:44:44.854443 ike 0:XXXXXXXXX:120342: dec 3C5FAF9A7ECD25F617576DE84593765C2E20240800000002000001F0210000042800003400000030010304041128CF600300000C0100000C800E010003000
0080300000C030000080400000E000000080500000022000044CAA286D4384304E85312706275271A1E3B0941889C616137949026DE11FAEB9C93EF16A4C097A8EC64FE40C3EB8D59B0551AAA328B7F9872DF85DC2BC9E6D40
02C000108000E00001EB834ACC615F48BAA1B8C2882F993EFDD0B5F3FE674B94668062DA5A01BA5E6681B7F877C0C3BCEAF06690422A0EF907E7E6ECC4EDEA5E15503FE45F59314C04E662C5EB8BC6421849C8E0B3AC257FFF
652F08D628A45DCFC55AA968598E8F646E0F4299BB5DED9EB62C8A5DB7C5F80D80391CDED09EB9BA1123279255D9BA66B73BEDEE7BCDD7117CAB25B602BE0A27308B04CF467E27EEE664E05A98654EC09E4FF240E34BC89075
146A7F2B2E19B4D773FBBBFCF7ED11E9EA0D175F204D0719F10EA56AFF9BB722C37411A61071790912C2AEE2AF4C3EDB0B01365627750E15051F53016F54E8AFD66026ECE15AC456FAC6F326ABE848CE1532B1D74B23D2D000
02802000000070000100000FFFFA02EC555A02EC555070000100000FFFFA02EC000A02EDFFF0000002802000000070000100000FFFFAC121A90AC121A90070000100000FFFFAC121A90AC121A9F
2025-01-15 10:44:44.854464 ike 0:XXXXXXXXX:120342: received create-child request
2025-01-15 10:44:44.854470 ike 0:XXXXXXXXX:120342: responder received CREATE_CHILD exchange
2025-01-15 10:44:44.854478 ike 0:XXXXXXXXX:120342: responder creating new child
2025-01-15 10:44:44.854506 ike 0:XXXXXXXXX:120342:277387: peer proposal:
2025-01-15 10:44:44.854515 ike 0:XXXXXXXXX:120342:277387: TSi_0 0:XXXXXXXXX7.85-XXXXXXXXX7.85:0
2025-01-15 10:44:44.854522 ike 0:XXXXXXXXX:120342:277387: TSi_1 0:XXXXXXXXX2.0-XXXXXXXXX.255:0
2025-01-15 10:44:44.854529 ike 0:XXXXXXXXX:120342:277387: TSr_0 0:1XXXXXXXXX-1XXXXXXXXX:0
2025-01-15 10:44:44.854535 ike 0:XXXXXXXXX:120342:277387: TSr_1 0:1XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:44.854540 ike 0:XXXXXXXXX:120342:XXXXXXXXX:277387: comparing selectors
2025-01-15 10:44:44.854547 ike 0:XXXXXXXXX:120342:XXXXXXXXX10:277387: comparing selectors
2025-01-15 10:44:44.854553 ike 0:XXXXXXXXX:120342:XXXXXXXXX2:277387: comparing selectors
2025-01-15 10:44:44.854559 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: comparing selectors
2025-01-15 10:44:44.854565 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: matched by rfc-rule-2
2025-01-15 10:44:44.854570 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: phase2 matched by subset
2025-01-15 10:44:44.854577 ike 0:XXXXXXXXX:120342:277387: local narrowing exactly matches static selector
2025-01-15 10:44:44.854585 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: accepted proposal:
2025-01-15 10:44:44.854591 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: TSi_0 0:XXXXXXXXX2.0-XXXXXXXXX.255:0
2025-01-15 10:44:44.854597 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: TSr_0 0:1XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:44.854603 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: autokey
2025-01-15 10:44:44.854614 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: incoming child SA proposal:
2025-01-15 10:44:44.854620 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: proposal id = 1:
2025-01-15 10:44:44.854625 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: protocol = ESP:
2025-01-15 10:44:44.854630 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: encapsulation = TUNNEL
2025-01-15 10:44:44.854636 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:44.854641 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=INTEGR, val=SHA256
2025-01-15 10:44:44.854647 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=DH_GROUP, val=MODP2048
2025-01-15 10:44:44.854652 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=ESN, val=NO
2025-01-15 10:44:44.854659 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: matched proposal id 1
2025-01-15 10:44:44.854665 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: proposal id = 1:
2025-01-15 10:44:44.854670 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: protocol = ESP:
2025-01-15 10:44:44.854675 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: encapsulation = TUNNEL
2025-01-15 10:44:44.854680 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-15 10:44:44.854685 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=INTEGR, val=SHA256
2025-01-15 10:44:44.854690 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=DH_GROUP, val=MODP2048
2025-01-15 10:44:44.854695 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: type=ESN, val=NO
2025-01-15 10:44:44.854700 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: lifetime=3600
2025-01-15 10:44:44.854705 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: PFS enabled, group=14
2025-01-15 10:44:44.854726 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: generate DH public value request queued
2025-01-15 10:44:44.854762 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: compute DH shared secret request queued
2025-01-15 10:44:44.858052 ike 0:XXXXXXXXX: schedule auto-negotiate
2025-01-15 10:44:44.858061 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: replay protection enabled
2025-01-15 10:44:44.858069 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: set sa life soft seconds=3328.
2025-01-15 10:44:44.858075 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: set sa life hard seconds=3600.
2025-01-15 10:44:44.858104 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: IPsec SA selectors #src=1 #dst=1
2025-01-15 10:44:44.858112 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: src 0 7 0:1XXXXXXXXX-XXXXXXXXX:0
2025-01-15 10:44:44.858119 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: dst 0 7 0:XXXXXXXXX2.0-XXXXXXXXX.255:0
2025-01-15 10:44:44.858127 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: add IPsec SA: SPIs=020dce33/1128cf60
2025-01-15 10:44:44.858133 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: IPsec SA dec spi 020dce33 key 32:00F6E7499D49B5C5214F747A4580DF5D0F8CAF9F922095B9CEDCD40A171B900B auth 32:C3639AB
04B105FEC8B329F3CC79A7700F52F553AD122C9AA97932A65D95A6ED8
2025-01-15 10:44:44.858143 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: IPsec SA enc spi 1128cf60 key 32:7C42FDA438BE1974E35C0BA688DCCB210A82DF61FEC853EAD4EB587E4A95BDF2 auth 32:A355999
EF7E71639369266B9D790EC8712E81F077EFB18262FCF67E32BE4CBB1
2025-01-15 10:44:44.858181 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: added IPsec SA: SPIs=020dce33/1128cf60
2025-01-15 10:44:44.858204 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: sending SNMP tunnel UP trap
2025-01-15 10:44:44.858215 ike 0:XXXXXXXXX: static tunnel up event 0.0.0.0 (dev=24)
2025-01-15 10:44:44.858246 ike 0:XXXXXXXXX: static tunnel up event :: (dev=24)
2025-01-15 10:44:44.858284 ike 0:XXXXXXXXX:120342:XXXXXXXXX3:277387: responder preparing CREATE_CHILD message
2025-01-15 10:44:44.858305 ike 0:XXXXXXXXX:120342: enc 280000340000003001030404020DCE330300000C0100000C800E0100030000080300000C030000080400000E000000080500000022000014081193C65F8A9
83F7989FBD4E897577A2C000108000E0000A9C6C2982C6F98BC4025246C78C02958BF8C2E800E8A23FFFED685C0DAFCB3988181A2720B16638788F1A021911CF8B4401224F0714611BA942264E306F251A1E0DC85C59466B6A
D3197FEFDC3EEEE976B2E49DF8E0D23907064E29E41272F78B0BB3D08A13706443A59354021BF5BDB7A36D4C22DC6ED845448E62BF39A2AAEB3643574D9F04AD80DB830547911D30C536189C14AFFF35180B3A6E02CDD48AAA
B64ACA448FD08AABD0945263E9B72B89C07AF0A0A8E06FDADD0BABB04CABD242865FDECB7D4409420E2ABCF78C3728390ECBF6EF96B84C9ABD35C7657655B67662E7C780725A357BC37205501D5173870DB771ACE5E9CEF5EE
210BF1E20E62E2D00001801000000070000100000FFFFA02EC000A02EDFFF0000001801000000070000100000FFFFAC121A90AC121A9F0F0E0D0C0B0A0908070605040302010F
2025-01-15 10:44:44.858350 ike 0:XXXXXXXXX:120342: out 3C5FAF9A7ECD25F617576DE84593765C2E20242000000002000001D0210001B4F0192E2673C4411B4F7B452B09F0CE30631921F44BA08102E7D1E75A67E80
9E2977D9019334E4D46000C5D527989AA52C1EB4B87F3CDD7F3F2C4864B8B39EE3854099534A59F42523AA6590525C759B50949F8383D00D2C05699070404A15E4EA695C63BD2B66D3189A2F4DB0C886F0871E767761E5A376
C3101A470F8DFE41F5F1B8260FB4D3DE72C234ECBD3836EA481D2765E690D335F10C0FA32C0CDC75922C817258231607FAA176B951669734094137FF5B4254431848FC617852F3CBD90BAEDFFC2A22FE8A3B9B0F9B6772398F
0680742E9F7C2B5748F2E7F386BC4AEDC060F83C863D855F4E6A24447389A9741CAB318F5A75A044CAAE129B4D0B0205AA17BDFA0CB13B15094C2FBF68FADF59627484E93F5334EC8EF31E7F501D47E46F7BB1487B6A51F760
861BD50823D8627B7A6E07D9DB3A13240D75C37C0E969384D2DAE2179A735E7AD61DDE26C1D7A4D38ADDD9F990DF7163017A778483FDFBF2D4E89664E9BB93AC5D60D13ED726C33EAC21CB310D7B5DFC88E4246D158332D97F
82EF8E17641F1C08C4A43186831F1751BFFBC21312149EDD06D7F92506DFCDA9AC9BAACF4D04F23F6C23584E0D3
2025-01-15 10:44:44.858391 ike 0:XXXXXXXXX:120342: sent IKE msg (CREATE_CHILD_RESPONSE): XXXXXXXXX:500->XXXXXXXXX:500, len=464, vrf=0, id=3c5faf9a7ecd25f6/17576de84593765c
:00000002
Hi it_admin_icongroup,
Please confirm whether the tunnel is still flapping after changing the DPD settings.
Additionally, try disabling Replay Detection on both ends and observe the behavior.
If the tunnel continues to flap, kindly collect the new IKE debug logs and attach them here for further analysis.
Regards,
Aman
Hi Aman,
tunnel is still flapping after DPD settings.
I can't disable Replay Detection on the other side, because it's a global Cisco setting there and they will not change it because it affects more than 300 connections of the partner:
crypto ipsec security-association replay window-size 1024
If I still disable Replay Detection on our Fortigate, tunnel is still flapping. Here is the log. I am still curious why it can't delete SPIs:
2025-01-22 11:16:14.480153 ike 0:XXX-XXX: deleting IPsec SA with SPI 7c393c64
2025-01-22 11:16:14.480169 ike 0:XXX-XXX: IPsec SA with SPI 7c393c64 deletion failed: 2
2025-01-22 11:16:14.480177 ike 0:XXX-XXX: deleting IPsec SA with SPI e78c61ae
2025-01-22 11:16:14.480192 ike 0:XXX-XXX: IPsec SA with SPI e78c61ae deletion failed: 2
2025-01-22 11:16:14.480201 ike 0:XXX-XXX: deleting IPsec SA with SPI 7c393c64
2025-01-22 11:16:14.480216 ike 0:XXX-XXX: IPsec SA with SPI 7c393c64 deletion failed: 2
2025-01-22 11:16:14.480227 ike 0:XXX-XXX: deleting IPsec SA with SPI e78c61ae
2025-01-22 11:16:14.480243 ike 0:XXX-XXX: IPsec SA with SPI e78c61ae deletion failed: 2
Regards,
Jan
full log:
FG-MUC # diagnose debug console timestamp enable
FG-MUC # diagnose debug application ike -1
Debug messages will be on for 30 minutes.
FG-MUC # diagnose debug enable
FG-MUC #
FG-MUC #
FG-MUC #
FG-MUC #
FG-MUC # 2025-01-22 11:16:08.793393 ike 0:XXX-XXX: link is idle 3 XX.XXX.96.196->XX.XXX.150.114:0 dpd=1 seqno=108847 rr=0
2025-01-22 11:16:08.793430 ike 0:XXX-XXX:140650: send IKEv2 DPD probe, seqno 108847
2025-01-22 11:16:08.793443 ike 0:XXX-XXX:321855: sending NOTIFY msg
2025-01-22 11:16:08.793449 ike 0:XXX-XXX:140650:321855: send informational
2025-01-22 11:16:08.793465 ike 0:XXX-XXX:140650: enc 0F0E0D0C0B0A0908070605040302010F
2025-01-22 11:16:08.793509 ike 0:XXX-XXX:140650: out A642E8B2AE97E27184B663F7CFC536BE2E20250000000001000000500000003488E4607FD5C5AC4DB01790B2C
D1114C597F1FD68F1B6DEAE156A890D7326F45ADFBB559CDC9BF2126C53EF191BAFF3F4
2025-01-22 11:16:08.793543 ike 0:XXX-XXX:140650: sent IKE msg (INFORMATIONAL): XX.XXX.96.196:500->XX.XXX.150.114:500, len=80, vrf=0, id=a642e8
b2ae97e271/84b663f7cfc536be:00000001
2025-01-22 11:16:11.794249 ike 0:XXX-XXX:140650: out A642E8B2AE97E27184B663F7CFC536BE2E20250000000001000000500000003488E4607FD5C5AC4DB01790B2C
D1114C597F1FD68F1B6DEAE156A890D7326F45ADFBB559CDC9BF2126C53EF191BAFF3F4
2025-01-22 11:16:11.794309 ike 0:XXX-XXX:140650: sent IKE msg (RETRANSMIT_INFORMATIONAL): XX.XXX.96.196:500->XX.XXX.150.114:500, len=80, vrf=0
, id=a642e8b2ae97e271/84b663f7cfc536be:00000001
2025-01-22 11:16:14.473314 ike 0: comes XX.XXX.150.114:500->XX.XXX.96.196:500,ifindex=3,vrf=0....
2025-01-22 11:16:14.473359 ike 0: IKEv2 exchange=SA_INIT id=4f5a04df14c9a506/0000000000000000 len=1234
2025-01-22 11:16:14.473375 ike 0: in 4F5A04DF14C9A50600000000000000002120220800000000000004D2220002C40200004C010100080300000C0100000C800E01000
30000080200000703000008020000060300000802000005030000080300000E030000080300000D030000080300000C000000080400000E0200005C0201000A0300000C0100000
C800E0100030000080200000703000008020000060300000802000005030000080300000E030000080300000D030000080300000C0300000804000010030000080400000F00000
0080400000E0200005C0301000A0300000C0100000C800E0100030000080200000703000008020000060300000802000005030000080300000E030000080300000D03000008030
0000C0300000804000010030000080400000F000000080400000E0200004C040100080300000C01000014800E01000300000802000007030000080200000603000008020000050
30000080400001F0300000804000015030000080400001400000008040000130200005C0501000A0300000C0100000C800E0100030000080200000703000008020000060300000
802000005030000080300000E030000080300000D030000080300000C0300000804000010030000080400000F000000080400000E0200005C0601000A0300000C0100000C800E0
100030000080200000703000008020000060300000802000005030000080300000E030000080300000D030000080300000C0300000804000015030000080400001400000008040
000130200005C0701000A0300000C0100000C800E0100030000080200000703000008020000060300000802000005030000080300000E030000080300000D030000080300000C0
300000804000015030000080400001400000008040000130000005C0801000A0300000C0100000C800E01000300000802000007030000080200000603000008020000050300000
80300000E030000080300000D030000080300000C03000008040000150300000804000014000000080400001328000108000E000011F8F05E33C6AEC86D6F8C303F59A17E02F64
79779CB583C0F3EAF4AD6C9778D30B1D5DA08F1635D35104992F39C6F053B04AB7F643980033C53B3C4DADD8251B6002F012B86134F4E34DB2FF47DE8F1FBF0CDCEF6F2E281AE9
6796BD3A7DEEFE8D6C957889F2AC6556BB1D54720E836764892DC1403A76AB1057BA26617E9470A29CF0468E9288148DC76DD5B22F5BFF111D37C5C0DA3ECBC960BF3FCF3AD9B0
E41D25E4E9FEBBD3D3CB7568393F66CBE33D290E0626A8A96A2D5D5FDD9A91C4D74E9843DE377597098E678D78E3223A8A9ECCB46D1824473719B4DC27B5134159897DE6B3F656
F9285F2D2C8B302B347ED6AAD009EA5C97907190259F8D8A12B000044D54F4136C616D8C8CCCE953EE06E2EF1C72809120D1876F77522B691AB5FD437A7A0BC46521FBBE88FE80
103FDC7DAC07EFF375A3AD64AD23299D026853E5E0D2B000017434953434F2D44454C4554452D524541534F4E2900003B434953434F28434F505952494748542926436F7079726
967687420286329203230303920436973636F2053797374656D732C20496E632E2900001C01004004361CD8EDD9623D366D82D90306FC6FC8A28C6E6B2900001C01004005B8C04
A82EEE2EF80896F0BC113FF6ADFD9D8DDDE2B0000080000402E000000144048B7D56EBCE88525E7DE7F00D6C2D3
2025-01-22 11:16:14.473447 ike 0:4f5a04df14c9a506/0000000000000000:140661: responder received SA_INIT msg
2025-01-22 11:16:14.473459 ike 0:4f5a04df14c9a506/0000000000000000:140661: VID unknown (19): CISCO-DELETE-REASON
2025-01-22 11:16:14.473472 ike 0:4f5a04df14c9a506/0000000000000000:140661: VID unknown (55): CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems
, Inc.
2025-01-22 11:16:14.473482 ike 0:4f5a04df14c9a506/0000000000000000:140661: received notify type NAT_DETECTION_SOURCE_IP
2025-01-22 11:16:14.473492 ike 0:4f5a04df14c9a506/0000000000000000:140661: received notify type NAT_DETECTION_DESTINATION_IP
2025-01-22 11:16:14.473502 ike 0:4f5a04df14c9a506/0000000000000000:140661: received notify type FRAGMENTATION_SUPPORTED
2025-01-22 11:16:14.473512 ike 0:4f5a04df14c9a506/0000000000000000:140661: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
2025-01-22 11:16:14.473541 ike 0:4f5a04df14c9a506/0000000000000000:140661: incoming proposal:
2025-01-22 11:16:14.473551 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 1:
2025-01-22 11:16:14.473557 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.473563 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.473570 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.473577 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.473590 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-22 11:16:14.473595 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-22 11:16:14.473600 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.473606 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.473611 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.473616 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP2048.
2025-01-22 11:16:14.473624 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 2:
2025-01-22 11:16:14.473629 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.473634 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.473639 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.473645 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.473650 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-22 11:16:14.473655 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-22 11:16:14.473660 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.473665 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.473670 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.473675 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP2048.
2025-01-22 11:16:14.473680 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP3072.
2025-01-22 11:16:14.473685 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP4096.
2025-01-22 11:16:14.473693 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 3:
2025-01-22 11:16:14.473698 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.473703 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.473708 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.473713 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.473718 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-22 11:16:14.473724 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-22 11:16:14.473729 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.473734 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.473739 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.473744 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP2048.
2025-01-22 11:16:14.473749 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP3072.
2025-01-22 11:16:14.473754 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP4096.
2025-01-22 11:16:14.473761 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 4:
2025-01-22 11:16:14.473767 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.473772 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.473777 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_GCM_16 (key_len = 256)
2025-01-22 11:16:14.473782 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.473790 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.473795 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.473800 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP256.
2025-01-22 11:16:14.473805 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP384.
2025-01-22 11:16:14.473811 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP521.
2025-01-22 11:16:14.473816 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=CURVE25519.
2025-01-22 11:16:14.473824 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 5:
2025-01-22 11:16:14.473829 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.473834 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.473838 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.473844 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.473849 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-22 11:16:14.473854 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-22 11:16:14.473859 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.473863 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.473868 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.473873 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP2048.
2025-01-22 11:16:14.473878 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP3072.
2025-01-22 11:16:14.473883 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP4096.
2025-01-22 11:16:14.473890 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 6:
2025-01-22 11:16:14.473895 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.473900 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.473905 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.473910 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.473915 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-22 11:16:14.473920 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-22 11:16:14.473924 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.473929 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.473934 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.473939 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP256.
2025-01-22 11:16:14.473944 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP384.
2025-01-22 11:16:14.473948 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP521.
2025-01-22 11:16:14.473956 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 7:
2025-01-22 11:16:14.473960 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.473965 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.473970 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.473975 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.473980 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-22 11:16:14.473985 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-22 11:16:14.473990 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.473996 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.474000 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.474005 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP256.
2025-01-22 11:16:14.474009 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP384.
2025-01-22 11:16:14.474014 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP521.
2025-01-22 11:16:14.474022 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 8:
2025-01-22 11:16:14.474026 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.474031 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.474035 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.474040 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.474045 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_384_192
2025-01-22 11:16:14.474049 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_512_256
2025-01-22 11:16:14.474054 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.474059 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_384
2025-01-22 11:16:14.474064 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_512
2025-01-22 11:16:14.474068 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP256.
2025-01-22 11:16:14.474073 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP384.
2025-01-22 11:16:14.474078 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=ECP521.
2025-01-22 11:16:14.474091 ike 0:4f5a04df14c9a506/0000000000000000:140661: matched proposal id 1
2025-01-22 11:16:14.474099 ike 0:4f5a04df14c9a506/0000000000000000:140661: proposal id = 1:
2025-01-22 11:16:14.474104 ike 0:4f5a04df14c9a506/0000000000000000:140661: protocol = IKEv2:
2025-01-22 11:16:14.474109 ike 0:4f5a04df14c9a506/0000000000000000:140661: encapsulation = IKEv2/none
2025-01-22 11:16:14.474113 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.474118 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-01-22 11:16:14.474124 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=PRF, val=PRF_HMAC_SHA2_256
2025-01-22 11:16:14.474129 ike 0:4f5a04df14c9a506/0000000000000000:140661: type=DH_GROUP, val=MODP2048.
2025-01-22 11:16:14.474134 ike 0:4f5a04df14c9a506/0000000000000000:140661: lifetime=43200
2025-01-22 11:16:14.474141 ike 0:4f5a04df14c9a506/0000000000000000:140661: SA proposal chosen, matched gateway XXX-XXX
2025-01-22 11:16:14.474149 ike 0: found XXX-XXX XX.XXX.96.196 3 -> XX.XXX.150.114:500
2025-01-22 11:16:14.474161 ike 0:XXX-XXX:140661: processing notify type NAT_DETECTION_SOURCE_IP
2025-01-22 11:16:14.474193 ike 0:XXX-XXX:140661: processing NAT-D payload
2025-01-22 11:16:14.474203 ike 0:XXX-XXX:140661: NAT not detected
2025-01-22 11:16:14.474208 ike 0:XXX-XXX:140661: process NAT-D
2025-01-22 11:16:14.474212 ike 0:XXX-XXX:140661: processing notify type NAT_DETECTION_DESTINATION_IP
2025-01-22 11:16:14.474228 ike 0:XXX-XXX:140661: processing NAT-D payload
2025-01-22 11:16:14.474233 ike 0:XXX-XXX:140661: NAT not detected
2025-01-22 11:16:14.474238 ike 0:XXX-XXX:140661: process NAT-D
2025-01-22 11:16:14.474242 ike 0:XXX-XXX:140661: processing notify type FRAGMENTATION_SUPPORTED
2025-01-22 11:16:14.474277 ike 0:XXX-XXX:140661: responder preparing SA_INIT msg
2025-01-22 11:16:14.474298 ike 0:XXX-XXX:140661: generate DH public value request queued
2025-01-22 11:16:14.474340 ike 0:XXX-XXX:140661: responder preparing SA_INIT msg
2025-01-22 11:16:14.474360 ike 0:XXX-XXX:140661: compute DH shared secret request queued
2025-01-22 11:16:14.477609 ike 0:XXX-XXX:140661: responder preparing SA_INIT msg
2025-01-22 11:16:14.477628 ike 0:XXX-XXX:140661: create NAT-D hash local XX.XXX.96.196/500 remote XX.XXX.150.114/500
2025-01-22 11:16:14.477644 ike 0:XXX-XXX:140661: out 4F5A04DF14C9A50664FB9764164ABF282120222000000000000001A8220000300000002C010100040300000C0
100000C800E01000300000802000005030000080300000C000000080400000E28000108000E0000064B311BF1E5F4577AD50E19A20E296B736AE24FA3F5923244F45CD488D797C
00656B41C7C44DB482EBF8FB5D2650013EFBA2ABFD272BA345E0615F12BD5A056A3E2C61ED96DBC8E5419A9F177F93920DE4D6B5355F5C263E8556E6016354A19DE024C36DA979
AFE7BFD63655DA0D8AD2F065799A4C7EFBCB45B94015699302B13BD4F4241CC5A6F237BD23FBC55FA11987C5E03EBC1708757857256D67AEE29DFC78B75EB13BC33BE1DA8D4623
AB3970FB590BD68C3B12B00C0CDB17363FC789D3AB9FCEF93F7234C377090C640C42DD015B1CFF67AFF74E5533D58DE2091FB8304A3E0F88E184B217CB82F64095C8697291E26E
94667D7F35AE9B588C9846C290000140772D3740A655E72DA40C7C3298AC66E2900001C000040046178E2BB63BF1497BBAF332CBE0949AC3ACECC032900001C000040057935AB2
CE1D578BD826C4732DD88D2BE01C0FFC1000000080000402E
2025-01-22 11:16:14.477682 ike 0:XXX-XXX:140661: sent IKE msg (SA_INIT_RESPONSE): XX.XXX.96.196:500->XX.XXX.150.114:500, len=424, vrf=0, id=4f
5a04df14c9a506/64fb9764164abf28
2025-01-22 11:16:14.477741 ike 0:XXX-XXX:140661: IKE SA 4f5a04df14c9a506/64fb9764164abf28 SK_ei 32:D714B955EBB73B7EAD18C290295124201F374954F8D
94CE1F7B7CBC719D88802
2025-01-22 11:16:14.477750 ike 0:XXX-XXX:140661: IKE SA 4f5a04df14c9a506/64fb9764164abf28 SK_er 32:4EDAAD58F68FF0288171511AC02B78A96B26C052989
79AED63D672B8FCCD2FF2
2025-01-22 11:16:14.477758 ike 0:XXX-XXX:140661: IKE SA 4f5a04df14c9a506/64fb9764164abf28 SK_ai 32:F5A721BF4FC2F24F66AAB1907FC557A4E412AB5829B
E0C4C527F8F6DBC29E8C3
2025-01-22 11:16:14.477766 ike 0:XXX-XXX:140661: IKE SA 4f5a04df14c9a506/64fb9764164abf28 SK_ar 32:4130AEB63128913165107C612A72A9123821CEC1FA0
0EE55D0F730E640B985E6
2025-01-22 11:16:14.479326 ike 0: comes XX.XXX.150.114:500->XX.XXX.96.196:500,ifindex=3,vrf=0....
2025-01-22 11:16:14.479339 ike 0: IKEv2 exchange=AUTH id=4f5a04df14c9a506/64fb9764164abf28:00000001 len=288
2025-01-22 11:16:14.479349 ike 0: in 4F5A04DF14C9A50664FB9764164ABF282E20230800000001000001202B000104DF61058E8ED8B1ADB7BC9247A3655B107CAEF5E01
68BD343C4812FAF3A4418461BD8E0889220A82DFDA8775309EC1C84DA0F9DFE7E10022BE0CF584D3859DDF93C0834CE580E18EFF5B89CD10E2D8C84B9A65B418D249980C319942
F80F8FDF72B4B689B637BEA4DEFC6BF906A74D404F2AC9A47E523DBF2B8A086B6B7EC5DC974884687D01B66E671DCD4B406202FBFE4CB31F906AFCE5339828177F97FD8754DCD4
A715E72F42CC3FAF0BD5601E1698F0E21A28A2ABDAB46CE2EC770949984A007E47850A029D32A71A2F0A6C11D21E3DA05C64C63ACDE7A1F7BA7B8E5FF68A4ABFDD7692C229FA8D
140C67B7C102DC7DFA1250B1A7055E260278C5F105DBB
2025-01-22 11:16:14.479383 ike 0:XXX-XXX:140661: dec 4F5A04DF14C9A50664FB9764164ABF282E20230800000001000000FC2B000004230000144D5A05DF07FE56410
633F484C915FFE12700000C010000003EF5967221000028020000006FFCCF1B91BE0F5876F0D15AB816812686C64420C65D1B592A414D300C013B862C00002C000000280103040
3A19772820300000C0100000C800E0100030000080300000C00000008050000002D00002802000000070000100000FFFFA02EC555A02EC555070000100000FFFFA02EC000A02ED
FFF2900002802000000070000100000FFFFAC121A90AC121A90070000100000FFFFAC121A90AC121A9F2900000801004000290000080100400A000000080100400B
2025-01-22 11:16:14.479398 ike 0:XXX-XXX:140661: responder received AUTH msg
2025-01-22 11:16:14.479404 ike 0:XXX-XXX:140661: processing notify type INITIAL_CONTACT
2025-01-22 11:16:14.479423 ike 0:XXX-XXX:140661: processing notify type ESP_TFC_PADDING_NOT_SUPPORTED
2025-01-22 11:16:14.479439 ike 0:XXX-XXX:140661: processing notify type NON_FIRST_FRAGMENTS_ALSO
2025-01-22 11:16:14.479455 ike 0:XXX-XXX:140661: peer identifier IPV4_ADDR XX.XXX.150.114
2025-01-22 11:16:14.479478 ike 0:XXX-XXX:140661: auth verify done
2025-01-22 11:16:14.479486 ike 0:XXX-XXX:140661: responder AUTH continuation
2025-01-22 11:16:14.479491 ike 0:XXX-XXX:140661: authentication succeeded
2025-01-22 11:16:14.479508 ike 0:XXX-XXX:140661: responder creating new child
2025-01-22 11:16:14.479528 ike 0:XXX-XXX:140661:321856: peer proposal:
2025-01-22 11:16:14.479536 ike 0:XXX-XXX:140661:321856: TSi_0 0:XXX.XX.197.85-XXX.XX.197.85:0
2025-01-22 11:16:14.479543 ike 0:XXX-XXX:140661:321856: TSi_1 0:XXX.XX.192.0-XXX.XX.223.255:0
2025-01-22 11:16:14.479549 ike 0:XXX-XXX:140661:321856: TSr_0 0:XXX.XX.26.144-XXX.XX.26.144:0
2025-01-22 11:16:14.479555 ike 0:XXX-XXX:140661:321856: TSr_1 0:XXX.XX.26.144-XXX.XX.26.159:0
2025-01-22 11:16:14.479559 ike 0:XXX-XXX:140661:XXX-XXX3:321856: comparing selectors
2025-01-22 11:16:14.479566 ike 0:XXX-XXX:140661:XXX-XXX3:321856: matched by rfc-rule-2
2025-01-22 11:16:14.479572 ike 0:XXX-XXX:140661:XXX-XXX3:321856: phase2 matched by subset
2025-01-22 11:16:14.479578 ike 0:XXX-XXX:140661:321856: local narrowing exactly matches static selector
2025-01-22 11:16:14.479583 ike 0:XXX-XXX:140661:XXX-XXX3:321856: accepted proposal:
2025-01-22 11:16:14.479590 ike 0:XXX-XXX:140661:XXX-XXX3:321856: TSi_0 0:XXX.XX.192.0-XXX.XX.223.255:0
2025-01-22 11:16:14.479596 ike 0:XXX-XXX:140661:XXX-XXX3:321856: TSr_0 0:XXX.XX.26.144-XXX.XX.26.159:0
2025-01-22 11:16:14.479601 ike 0:XXX-XXX:140661:XXX-XXX3:321856: autokey
2025-01-22 11:16:14.479611 ike 0:XXX-XXX:140661:XXX-XXX3:321856: incoming child SA proposal:
2025-01-22 11:16:14.479618 ike 0:XXX-XXX:140661:XXX-XXX3:321856: proposal id = 1:
2025-01-22 11:16:14.479623 ike 0:XXX-XXX:140661:XXX-XXX3:321856: protocol = ESP:
2025-01-22 11:16:14.479628 ike 0:XXX-XXX:140661:XXX-XXX3:321856: encapsulation = TUNNEL
2025-01-22 11:16:14.479633 ike 0:XXX-XXX:140661:XXX-XXX3:321856: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.479639 ike 0:XXX-XXX:140661:XXX-XXX3:321856: type=INTEGR, val=SHA256
2025-01-22 11:16:14.479644 ike 0:XXX-XXX:140661:XXX-XXX3:321856: type=ESN, val=NO
2025-01-22 11:16:14.479650 ike 0:XXX-XXX:140661:XXX-XXX3:321856: PFS is disabled
2025-01-22 11:16:14.479656 ike 0:XXX-XXX:140661:XXX-XXX3:321856: matched proposal id 1
2025-01-22 11:16:14.479661 ike 0:XXX-XXX:140661:XXX-XXX3:321856: proposal id = 1:
2025-01-22 11:16:14.479665 ike 0:XXX-XXX:140661:XXX-XXX3:321856: protocol = ESP:
2025-01-22 11:16:14.479670 ike 0:XXX-XXX:140661:XXX-XXX3:321856: encapsulation = TUNNEL
2025-01-22 11:16:14.479675 ike 0:XXX-XXX:140661:XXX-XXX3:321856: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.479680 ike 0:XXX-XXX:140661:XXX-XXX3:321856: type=INTEGR, val=SHA256
2025-01-22 11:16:14.479685 ike 0:XXX-XXX:140661:XXX-XXX3:321856: type=ESN, val=NO
2025-01-22 11:16:14.479690 ike 0:XXX-XXX:140661:XXX-XXX3:321856: PFS is disabled
2025-01-22 11:16:14.479694 ike 0:XXX-XXX:140661:XXX-XXX3:321856: lifetime=3600
2025-01-22 11:16:14.479713 ike 0:XXX-XXX:140661: responder preparing AUTH msg
2025-01-22 11:16:14.479723 ike 0:XXX-XXX:140661: established IKE SA 4f5a04df14c9a506/64fb9764164abf28
2025-01-22 11:16:14.479746 ike 0:XXX-XXX:140661: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=0
2025-01-22 11:16:14.479755 ike 0:XXX-XXX:140661: processing INITIAL-CONTACT
2025-01-22 11:16:14.479760 ike 0:XXX-XXX: flushing
2025-01-22 11:16:14.479801 ike 0:XXX-XXX: deleting IPsec SA with SPI e78c61ae
2025-01-22 11:16:14.479864 ike 0:XXX-XXX:XXX-XXX3: deleted IPsec SA with SPI e78c61ae, SA count: 0
2025-01-22 11:16:14.479871 ike 0:XXX-XXX: sending SNMP tunnel DOWN trap for XXX-XXX3
2025-01-22 11:16:14.479911 ike 0:XXX-XXX: static tunnel down event 0.0.0.0 (dev=24)
2025-01-22 11:16:14.479952 ike 0:XXX-XXX: static tunnel down event :: (dev=24)
2025-01-22 11:16:14.479970 ike 0:XXX-XXX:140650:XXX-XXX3:321834: sending delete for IPsec SA SPI 020dd97f
2025-01-22 11:16:14.479980 ike 0:XXX-XXX:140650::321857: wait for pending request :321855
2025-01-22 11:16:14.480011 ike 0:XXX-XXX: deleting IPsec SA with SPI 7c393c64
2025-01-22 11:16:14.480059 ike 0:XXX-XXX:XXX-XXX5: deleted IPsec SA with SPI 7c393c64, SA count: 0
2025-01-22 11:16:14.480067 ike 0:XXX-XXX: sending SNMP tunnel DOWN trap for XXX-XXX5
2025-01-22 11:16:14.480092 ike 0:XXX-XXX: static tunnel down event 0.0.0.0 (dev=24)
2025-01-22 11:16:14.480107 ike 0:XXX-XXX: static tunnel down event :: (dev=24)
2025-01-22 11:16:14.480121 ike 0:XXX-XXX:140650:XXX-XXX5:321830: sending delete for IPsec SA SPI 020dd97e
2025-01-22 11:16:14.480132 ike 0:XXX-XXX:140650::321858: wait for pending request :321855
2025-01-22 11:16:14.480153 ike 0:XXX-XXX: deleting IPsec SA with SPI 7c393c64
2025-01-22 11:16:14.480169 ike 0:XXX-XXX: IPsec SA with SPI 7c393c64 deletion failed: 2
2025-01-22 11:16:14.480177 ike 0:XXX-XXX: deleting IPsec SA with SPI e78c61ae
2025-01-22 11:16:14.480192 ike 0:XXX-XXX: IPsec SA with SPI e78c61ae deletion failed: 2
2025-01-22 11:16:14.480201 ike 0:XXX-XXX: deleting IPsec SA with SPI 7c393c64
2025-01-22 11:16:14.480216 ike 0:XXX-XXX: IPsec SA with SPI 7c393c64 deletion failed: 2
2025-01-22 11:16:14.480227 ike 0:XXX-XXX: deleting IPsec SA with SPI e78c61ae
2025-01-22 11:16:14.480243 ike 0:XXX-XXX: IPsec SA with SPI e78c61ae deletion failed: 2
2025-01-22 11:16:14.480278 ike 0:XXX-XXX:140650:321859: send informational
2025-01-22 11:16:14.480292 ike 0:XXX-XXX:140650: enc 00000008010000000706050403020107
2025-01-22 11:16:14.480321 ike 0:XXX-XXX:140650: out A642E8B2AE97E27184B663F7CFC536BE2E20250000000001000000502A000034CA7FFFA9DBBA3460C154D5D39
57A3A32CE6B321325EA55E6350A8193FF5D18FD0533431A85D3955AE65A978163F9177D
2025-01-22 11:16:14.480346 ike 0:XXX-XXX:140650: sent IKE msg (INFORMATIONAL): XX.XXX.96.196:500->XX.XXX.150.114:500, len=80, vrf=0, id=a642e8
b2ae97e271/84b663f7cfc536be:00000001
2025-01-22 11:16:14.480379 ike 0:XXX-XXX: schedule auto-negotiate
2025-01-22 11:16:14.480421 ike 0:XXX-XXX: flushed
2025-01-22 11:16:14.480429 ike 0:XXX-XXX:140661: processed INITIAL-CONTACT
2025-01-22 11:16:14.480452 ike 0:XXX-XXX:140661:XXX-XXX3:321856: set sa life soft seconds=3333.
2025-01-22 11:16:14.480460 ike 0:XXX-XXX:140661:XXX-XXX3:321856: set sa life hard seconds=3600.
2025-01-22 11:16:14.480479 ike 0:XXX-XXX:140661:XXX-XXX3:321856: IPsec SA selectors #src=1 #dst=1
2025-01-22 11:16:14.480489 ike 0:XXX-XXX:140661:XXX-XXX3:321856: src 0 7 0:XXX.XX.26.144-XXX.XX.26.159:0
2025-01-22 11:16:14.480495 ike 0:XXX-XXX:140661:XXX-XXX3:321856: dst 0 7 0:XXX.XX.192.0-XXX.XX.223.255:0
2025-01-22 11:16:14.480500 ike 0:XXX-XXX:140661:XXX-XXX3:321856: add IPsec SA: SPIs=020dd980/a1977282
2025-01-22 11:16:14.480506 ike 0:XXX-XXX:140661:XXX-XXX3:321856: IPsec SA dec spi 020dd980 key 32:0DE95528E4783D4948A87D1E9209D54D6C94949CD117
30DBDFDF1E5D7F2EB373 auth 32:6F202B146CAA14D9AEFC2C6290390F0C19035D5F523203A6F0A4FD86064D3587
2025-01-22 11:16:14.480512 ike 0:XXX-XXX:140661:XXX-XXX3:321856: IPsec SA enc spi a1977282 key 32:FD5C23D949DB305248AEA0FE75B87772FC15B57097DA
E2E1BE473920E0A1E9AE auth 32:0BD0A910F49FACF445EE90BF199FB92156F910EC22515B6482ED8065E77042FD
2025-01-22 11:16:14.480552 ike 0:XXX-XXX:140661:XXX-XXX3:321856: added IPsec SA: SPIs=020dd980/a1977282
2025-01-22 11:16:14.480574 ike 0:XXX-XXX:140661:XXX-XXX3:321856: sending SNMP tunnel UP trap
2025-01-22 11:16:14.480589 ike 0:XXX-XXX: static tunnel up event 0.0.0.0 (dev=24)
2025-01-22 11:16:14.480610 ike 0:XXX-XXX: static tunnel up event :: (dev=24)
2025-01-22 11:16:14.480672 ike 0:XXX-XXX:140661: enc 2700000C01000000528760C42100002802000000ECD3B038DCC1DEC86A8341ED1A98E9D2DA90F7D2E3B7D636C
BA4315C198DB9302C00002C0000002801030403020DD9800300000C0100000C800E0100030000080300000C00000008050000002D00001801000000070000100000FFFFA02EC00
0A02EDFFF0000001801000000070000100000FFFFAC121A90AC121A9F0F0E0D0C0B0A0908070605040302010F
2025-01-22 11:16:14.480699 ike 0:XXX-XXX:140661: out 4F5A04DF14C9A50664FB9764164ABF282E20232000000001000000E0240000C4F9B7BFBA563614AA906408837
F1967ED451A7FF1828C7B9499552BE9F830669D6A09224880FF0CDD2E33EC05D859B3AA3C847488817B5DC0272B1FBBAEB92944DB42E7BA526557223183DE7E95777C9199D59F6
3ABEA15C8F9D905EAE7212944896B486D0C2E7431CE448D629F3611F888360776A414BAC87FAD7D469E2374C74844D7CA20CBC2192C1E7F85B30E4E39FD57A728318D90EFEE6A0
EA98BAF7288EDD40C86247E7689D370F27872EA35AA7B3D964FA92C4E4F763EE1E702E8A7A5
2025-01-22 11:16:14.480730 ike 0:XXX-XXX:140661: sent IKE msg (AUTH_RESPONSE): XX.XXX.96.196:500->XX.XXX.150.114:500, len=224, vrf=0, id=4f5a0
4df14c9a506/64fb9764164abf28:00000001
2025-01-22 11:16:14.481383 ike 0:XXX-XXX: link is idle 3 XX.XXX.96.196->XX.XXX.150.114:0 dpd=1 seqno=108848 rr=0
2025-01-22 11:16:14.667298 ike 0: comes XX.XXX.150.114:500->XX.XXX.96.196:500,ifindex=3,vrf=0....
2025-01-22 11:16:14.667327 ike 0: IKEv2 exchange=CREATE_CHILD id=4f5a04df14c9a506/64fb9764164abf28:00000002 len=544
2025-01-22 11:16:14.667352 ike 0: in 4F5A04DF14C9A50664FB9764164ABF282E202408000000020000022021000204A4ABFDD7692C229FA8D140C67B7C102D6057ABB7B
A19DEB8BED9E8E61D208108312F56D40F07F3AB6D2BB227E87653E3D19BAB101B3721BBB3CB39EA489057B5E44419F03DF52CE084121050A7E1DF3C16042DB2F9A0DE26C9D868C
9A12C0F2C1F0685D6C0424EBE8432C85BAF8B98C043612FBB3AFFBD8464311D302C660E70E4F0A7CA2BEBB408C370FF74ED8AF58FC5E5066FE927F175EB7D6932AB2A59C71A95C
1531EA1A62D078E575BBBE0662634B06D1182AE0C935E89EFB88D6B744A21912D50600733EBFF3B13B904CA547BC1782FB9ADF70945B905BD8768E636B0C1D296D1168FAD156CE
06820D6182AF12E7DEA203F87C9C29AD4DD9E7EB07DB43A8374841BB558161E4393C71BFCA894DD629C90BAD494BDD37D0BABBEC2FD60AE62169F99069DB94901379603A573FA3
0923435C6980FCB2B72B24D3AC323A73D317F2B8E56D78CEB3F55B999EE927AEF8005ED0DA8FC8BAA9DB50B6B75083A917F563B5216F186A0523022BE6DA41097ABF5DD7170B96
66451A49B08EE982268BBB72BECFF159215D833465DAA90A6359DD4C984EFA65FB1017721DCA58AE626EC14E49CD690BA9F34E18B444B956C41DD7D1980C9CF4D91A5E2B2E4881
F739DB59C5C287A308050939B9962C8678A442B2E1A81E070DC5AC5B638C559A8B863285F6F1D5A8B35C6A87B2E6E39B65C55BC9F1D3D13761363E79014E740BDE0
2025-01-22 11:16:14.667407 ike 0:XXX-XXX:140661: dec 4F5A04DF14C9A50664FB9764164ABF282E20240800000002000001F0210000042800003400000030010304042
802EEFA0300000C0100000C800E0100030000080300000C030000080400000E00000008050000002200004483DA94C8C790B00441CFF84F3D6C822A427E01E1497BA42BDD26BD2
3C0079034CA1977ABA9578051A00E5AC0B57DAB43C5070017D23EFC7A1763A8E1CCB024572C000108000E0000EBB47D853C10E989DFCD63FEC2C7DBF5A78F84889DC786BCCA738
992AB521E79B7DDDF899E4E67CED8AA3E35CAD6E24AE6F3F94636E0A89AAD7D10FD6A53DA269D5F7D6DF663A1A77D3EE27514A7171EB2432168B26FF8237B92B27F77EAD162984
51C4863E340C902A94C9F7514F12010F6C4D43D0CB16970FA7ECB2811EC74E26ED4D17187A769C0067FEEF15A5B5A331A825B57D93C4D5FC346A38DDE49C4C71E97913E2B2A903
85F5B7699090AD0E06A5E372E17E2665D9E9888C0F177CFD009BA44B6D1786DD8CB0F28FF9DB38E486F699A9B7D59C259DA97708FC1D1B248AA3568699C3D79778DA5903CF3F93
3211F579D67C578A408DA4BDFA6BE25782D00002802000000070000100000FFFFA030A72DA030A72D070000100000FFFFA0300000A033FFFF0000002802000000070000100000F
FFFAC121A90AC121A90070000100000FFFFAC121A90AC121A9F
2025-01-22 11:16:14.667427 ike 0:XXX-XXX:140661: received create-child request
2025-01-22 11:16:14.667432 ike 0:XXX-XXX:140661: responder received CREATE_CHILD exchange
2025-01-22 11:16:14.667439 ike 0:XXX-XXX:140661: responder creating new child
2025-01-22 11:16:14.667467 ike 0:XXX-XXX:140661:321860: peer proposal:
2025-01-22 11:16:14.667474 ike 0:XXX-XXX:140661:321860: TSi_0 0:XXX.XX.167.45-XXX.XX.167.45:0
2025-01-22 11:16:14.667481 ike 0:XXX-XXX:140661:321860: TSi_1 0:XXX.XX.0.0-160.51.255.255:0
2025-01-22 11:16:14.667487 ike 0:XXX-XXX:140661:321860: TSr_0 0:XXX.XX.26.144-XXX.XX.26.144:0
2025-01-22 11:16:14.667492 ike 0:XXX-XXX:140661:321860: TSr_1 0:XXX.XX.26.144-XXX.XX.26.159:0
2025-01-22 11:16:14.667497 ike 0:XXX-XXX:140661:XXX-XXX3:321860: comparing selectors
2025-01-22 11:16:14.667504 ike 0:XXX-XXX:140661:XXX-XXX5:321860: comparing selectors
2025-01-22 11:16:14.667509 ike 0:XXX-XXX:140661:XXX-XXX5:321860: matched by rfc-rule-2
2025-01-22 11:16:14.667514 ike 0:XXX-XXX:140661:XXX-XXX5:321860: phase2 matched by subset
2025-01-22 11:16:14.667520 ike 0:XXX-XXX:140661:321860: local narrowing exactly matches static selector
2025-01-22 11:16:14.667525 ike 0:XXX-XXX:140661:XXX-XXX5:321860: accepted proposal:
2025-01-22 11:16:14.667531 ike 0:XXX-XXX:140661:XXX-XXX5:321860: TSi_0 0:XXX.XX.0.0-160.51.255.255:0
2025-01-22 11:16:14.667537 ike 0:XXX-XXX:140661:XXX-XXX5:321860: TSr_0 0:XXX.XX.26.144-XXX.XX.26.159:0
2025-01-22 11:16:14.667545 ike 0:XXX-XXX:140661:XXX-XXX5:321860: autokey
2025-01-22 11:16:14.667555 ike 0:XXX-XXX:140661:XXX-XXX5:321860: incoming child SA proposal:
2025-01-22 11:16:14.667560 ike 0:XXX-XXX:140661:XXX-XXX5:321860: proposal id = 1:
2025-01-22 11:16:14.667565 ike 0:XXX-XXX:140661:XXX-XXX5:321860: protocol = ESP:
2025-01-22 11:16:14.667569 ike 0:XXX-XXX:140661:XXX-XXX5:321860: encapsulation = TUNNEL
2025-01-22 11:16:14.667574 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.667579 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=INTEGR, val=SHA256
2025-01-22 11:16:14.667584 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=DH_GROUP, val=MODP2048
2025-01-22 11:16:14.667588 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=ESN, val=NO
2025-01-22 11:16:14.667594 ike 0:XXX-XXX:140661:XXX-XXX5:321860: matched proposal id 1
2025-01-22 11:16:14.667599 ike 0:XXX-XXX:140661:XXX-XXX5:321860: proposal id = 1:
2025-01-22 11:16:14.667604 ike 0:XXX-XXX:140661:XXX-XXX5:321860: protocol = ESP:
2025-01-22 11:16:14.667608 ike 0:XXX-XXX:140661:XXX-XXX5:321860: encapsulation = TUNNEL
2025-01-22 11:16:14.667613 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=ENCR, val=AES_CBC (key_len = 256)
2025-01-22 11:16:14.667617 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=INTEGR, val=SHA256
2025-01-22 11:16:14.667621 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=DH_GROUP, val=MODP2048
2025-01-22 11:16:14.667626 ike 0:XXX-XXX:140661:XXX-XXX5:321860: type=ESN, val=NO
2025-01-22 11:16:14.667630 ike 0:XXX-XXX:140661:XXX-XXX5:321860: lifetime=3600
2025-01-22 11:16:14.667635 ike 0:XXX-XXX:140661:XXX-XXX5:321860: PFS enabled, group=14
2025-01-22 11:16:14.667653 ike 0:XXX-XXX:140661:XXX-XXX5:321860: generate DH public value request queued
2025-01-22 11:16:14.668423 ike 0:XXX-XXX:140661:XXX-XXX5:321860: compute DH shared secret request queued
2025-01-22 11:16:14.671692 ike 0:XXX-XXX:140661:XXX-XXX5:321860: set sa life soft seconds=3332.
2025-01-22 11:16:14.671699 ike 0:XXX-XXX:140661:XXX-XXX5:321860: set sa life hard seconds=3600.
2025-01-22 11:16:14.671728 ike 0:XXX-XXX:140661:XXX-XXX5:321860: IPsec SA selectors #src=1 #dst=1
2025-01-22 11:16:14.671734 ike 0:XXX-XXX:140661:XXX-XXX5:321860: src 0 7 0:XXX.XX.26.144-XXX.XX.26.159:0
2025-01-22 11:16:14.671740 ike 0:XXX-XXX:140661:XXX-XXX5:321860: dst 0 7 0:XXX.XX.0.0-160.51.255.255:0
2025-01-22 11:16:14.671745 ike 0:XXX-XXX:140661:XXX-XXX5:321860: add IPsec SA: SPIs=020dd981/2802eefa
2025-01-22 11:16:14.671750 ike 0:XXX-XXX:140661:XXX-XXX5:321860: IPsec SA dec spi 020dd981 key 32:716AA363D2CF483095A3244A5C1A73B78260F36AB91F
DB690D6E846C7BE53DAE auth 32:2707730763F90AFD650298483929B93C566CB792AE3AEAF6D99C353B266CAE92
2025-01-22 11:16:14.671756 ike 0:XXX-XXX:140661:XXX-XXX5:321860: IPsec SA enc spi 2802eefa key 32:0054012A8B02A4E7947F5CC3655A96ACBFC03C292881
99C5D8548BA6F179A60E auth 32:5585DE5B012EE531A77EC7504CC0C6BDCDDA9EC60517880BF5EE4B9A018A5E38
2025-01-22 11:16:14.671792 ike 0:XXX-XXX:140661:XXX-XXX5:321860: added IPsec SA: SPIs=020dd981/2802eefa
2025-01-22 11:16:14.671815 ike 0:XXX-XXX:140661:XXX-XXX5:321860: sending SNMP tunnel UP trap
2025-01-22 11:16:14.671825 ike 0:XXX-XXX: static tunnel up event 0.0.0.0 (dev=24)
2025-01-22 11:16:14.671875 ike 0:XXX-XXX: static tunnel up event :: (dev=24)
2025-01-22 11:16:14.671923 ike 0:XXX-XXX:140661:XXX-XXX5:321860: responder preparing CREATE_CHILD message
2025-01-22 11:16:14.671941 ike 0:XXX-XXX:140661: enc 280000340000003001030404020DD9810300000C0100000C800E0100030000080300000C030000080400000E0
00000080500000022000014709FFDFF0BB5767BE96152A4F49B65D92C000108000E0000E65462BE7AFA0E0636DA6A915BDAB7160203D7FCC0B8355AA2712B0B48F732C5C2FA855
1C192D46590AA94A3FBEAC35E3A3376EACA59B967F50F872CA9A44389BE904564746EA68228370F09F4B4651B3F5AEFE4B4585DE4664E8FEFCDCE6ADEFF062FFAF8479A43C861F
70CE7EF9B6BBC530C917E2A5085C36F98C1D1F6D05AC389972AB997D6C05F35CFFC4D1292A9B7E351402E5268C1E8CAD982E1734CE1587FAD46ADC23AE49F7DC7A6D4B5A168B58
DBB426E9EED07BEEC25101AAACCD197A9552AF45ED7DA9D8A6A9D071C4335A2F4E32713EDFF94B09D2CF298C239C66909E0574C59101934A8395A0BFB7A5920A42AD67F81A0192
2D45780A18381372D00001801000000070000100000FFFFA0300000A033FFFF0000001801000000070000100000FFFFAC121A90AC121A9F0F0E0D0C0B0A0908070605040302010
F
2025-01-22 11:16:14.671983 ike 0:XXX-XXX:140661: out 4F5A04DF14C9A50664FB9764164ABF282E20242000000002000001D0210001B45202A58427991291ECD97D6B1
BC3D773B87770BEC7DCBC36205921BFACBBFE279FB22C7E193ABA5254DF7663144985061CDECE7B241E7ECCD6C51B924FED1687CB98F10BB711E01971DAAB0D82530E4ECFE42A4
56C590D3E1F5C5455EA64905562EC1760810A742EF896AD98689BA49D675FFF85BBA885A643E0AD0B57D7CC53A79CEF05705853667F6D97B06110F90FDACF8D925CFC5DD36D839
6E319A74988841CB5053786F2C12F19E7BD27E6FA3DAA63348D3E2FD835E6EBA18B66FE27DC6677D8ED5F62795153D5163F3C55A2406200D6BDE87BBA4E15BDBE524E66E31635B
931D1DE99025F5F6C57BAD7AD07BFE1D18179814DA028FAF6C1B329FBCB71B3E2DF7F153F5D7EF2FE7AF413029C2F353A9240782EBC86BBCC39D6CD9B29E8682CD4A1E877722A3
598E3CD44746AF42B484621AF8B6E0C20B8D890755A94FC145103CF5B1A1109E733DD4DD99BF929CD0D0DDB181F35BF18E9D3ED5D99964DD45DD0A681F2FD813176544E43973CF
ABBA06566BEB36AE8FBCF1116284B8391FF721DA825BC1584DB3F911FD7607BD033487CBE349472C923FEE57F142BE11AE9DC924D485072C5849E70D9C89A27C3
2025-01-22 11:16:14.672027 ike 0:XXX-XXX:140661: sent IKE msg (CREATE_CHILD_RESPONSE): XX.XXX.96.196:500->XX.XXX.150.114:500, len=464, vrf=0,
id=4f5a04df14c9a506/64fb9764164abf28:00000002
2025-01-22 11:16:36.853713 ike 0: comes XX.XXX.150.114:500->XX.XXX.96.196:500,ifindex=3,vrf=0....
2025-01-22 11:16:36.853740 ike 0: IKEv2 exchange=INFORMATIONAL id=4f5a04df14c9a506/64fb9764164abf28:00000003 len=80
2025-01-22 11:16:36.853752 ike 0: in 4F5A04DF14C9A50664FB9764164ABF282E20250800000003000000500000003463285F6F1D5A8B35C6A87B2E6E39B65C32F395691
064218155ABB40FC73CFBFFE3CFD03B69BB31D7104117C692CC90D8
2025-01-22 11:16:36.853800 ike 0:XXX-XXX:140661: dec 4F5A04DF14C9A50664FB9764164ABF282E202508000000030000002000000004
2025-01-22 11:16:36.853807 ike 0:XXX-XXX:140661: received informational request
2025-01-22 11:16:36.853828 ike 0:XXX-XXX:140661: enc 0F0E0D0C0B0A0908070605040302010F
2025-01-22 11:16:36.853842 ike 0:XXX-XXX:140661: out 4F5A04DF14C9A50664FB9764164ABF282E20252000000003000000500000003442DD1A96283596559BF7BB685
353F02B9D14BC30BFDEC29427D1CBFC585E8A2758262E2230C09B2EF99A05EDDB7B2414
2025-01-22 11:16:36.853873 ike 0:XXX-XXX:140661: sent IKE msg (INFORMATIONAL_RESPONSE): XX.XXX.96.196:500->XX.XXX.150.114:500, len=80, vrf=0,
id=4f5a04df14c9a506/64fb9764164abf28:00000003
2025-01-22 11:17:42.853219 ike 0: comes XX.XXX.150.114:500->XX.XXX.96.196:500,ifindex=3,vrf=0....
2025-01-22 11:17:42.853260 ike 0: IKEv2 exchange=INFORMATIONAL id=4f5a04df14c9a506/64fb9764164abf28:00000004 len=80
2025-01-22 11:17:42.853270 ike 0: in 4F5A04DF14C9A50664FB9764164ABF282E20250800000004000000500000003432F395691064218155ABB40FC73CFBFF02F6E4EF4
D1A7CA365E8EE6925859C4F51F7EB93BD68A9AB9456B4EDCF817B68
2025-01-22 11:17:42.853322 ike 0:XXX-XXX:140661: dec 4F5A04DF14C9A50664FB9764164ABF282E202508000000040000002000000004
2025-01-22 11:17:42.853334 ike 0:XXX-XXX:140661: received informational request
2025-01-22 11:17:42.853358 ike 0:XXX-XXX:140661: enc 0F0E0D0C0B0A0908070605040302010F
2025-01-22 11:17:42.853376 ike 0:XXX-XXX:140661: out 4F5A04DF14C9A50664FB9764164ABF282E20252000000004000000500000003424907DB734B5F95AA2FC43024
17DF3B6E5878CBBDFE10FCC78BDBB86D58C021D1A3F130BFEEF22EF86BA942D9A8BFBA5
2025-01-22 11:17:42.853407 ike 0:XXX-XXX:140661: sent IKE msg (INFORMATIONAL_RESPONSE): XX.XXX.96.196:500->XX.XXX.150.114:500, len=80, vrf=0,
id=4f5a04df14c9a506/64fb9764164abf28:00000004
It is resolved by now! After I tried many things to resolve this, one of these have fixed it:
1. My best guess is I disabled NAT-T on the IPSEC tunnel's network settings as there was also a SNAT configured in Central SNAT and I think it interfered.
2. I removed some of the partner networks IPs of allowed IPs in the settings of another OpenVPN service that did not work. It might have interfered with the traffic resulting in packages being dropped.
User | Count |
---|---|
2549 | |
1356 | |
795 | |
646 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.