Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sims
New Contributor III

Created on ‎01-20-2016 09:37 PM

Tunnel is up ,Byte Received 0

Hi,

 

Ipsec tunnel is up , but shows byte received 0

please help (conf file atatched )

Thanks 

Preview file
131 KB
24171
0 Kudos
11 REPLIES 11
emnoc
Esteemed Contributor III

Created on ‎01-20-2016 11:04 PM

the dig debug flow is your friend. I would also check the client to ensure they have the dynamic range that id and the route table on the dialup user.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
8486
0 Kudos
sims
New Contributor III
In response to emnoc

Created on ‎01-23-2016 02:22 AM

Hi

Thank you for your support . Actually i got the log during deug . ( i have replaced original ip addresses) 

m wan1." id=13 trace_id=1991 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=1991 msg="NAT-T keep-alive" id=13 trace_id=1992 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=1992 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=1993 msg="vd-root received a packet(proto=17, wanip:4500->remote-ip:14688) from local." id=13 trace_id=1993 msg="Find an existing session, id-057b5cfa, reply direction" id=13 trace_id=1994 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=1994 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=1994 msg="NAT-T keep-alive" id=13 trace_id=1995 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=1995 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=1995 msg="NAT-T keep-alive" id=13 trace_id=1996 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=1996 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=1996 msg="NAT-T keep-alive" id=13 trace_id=1997 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=1997 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=1997 msg="NAT-T keep-alive" id=13 trace_id=1998 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=1998 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=1998 msg="NAT-T keep-alive" id=13 trace_id=1999 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=1999 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=2000 msg="vd-root received a packet(proto=17, wanip:4500->remote-ip:14688) from local." id=13 trace_id=2000 msg="Find an existing session, id-057b5cfa, reply direction" id=13 trace_id=2001 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=2001 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=2001 msg="NAT-T keep-alive" id=13 trace_id=2002 msg="vd-root received a packet(proto=17, remote-ip:14688->wanip:4500) from wan1." id=13 trace_id=2002 msg="Find an existing session, id-057b5cfa, original direction" id=13 trace_id=2002 msg="NAT-T keep-alive"

 

When i  run " route print " on windows machine i could not see the  route to the  permitted network . 

 

Now another problem started cient not sending or receiving any bytes . 

 

here is the debug output for sent and receive byte 0 

 

id=13 trace_id=3025 msg="allocate a new session-057c9d9a" id=13 trace_id=3026 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." id=13 trace_id=3026 msg="Find an existing session, id-057c9d9a, original direction" id=13 trace_id=3027 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." id=13 trace_id=3027 msg="Find an existing session, id-057c9d9a, original direction" id=13 trace_id=3028 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." id=13 trace_id=3028 msg="Find an existing session, id-057c9d9a, original direction" id=13 trace_id=3029 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." id=13 trace_id=3029 msg="Find an existing session, id-057c9d9a, original direction" id=13 trace_id=3030 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." id=13 trace_id=3030 msg="Find an existing session, id-057c9d9a, original direction" id=13 trace_id=3031 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." id=13 trace_id=3031 msg="Find an existing session, id-057c9d9a, original direction" id=13 trace_id=3032 msg="vd-root received a packet(proto=17, remote-ip:500->wan-ip:500) from wan1." id=13 trace_id=3032 msg="Find an existing session, id-057c9d9a, original direction"

 

I am very new to fortinet 

 

Please help 

 

 

 

8486
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to sims

Created on ‎01-23-2016 04:17 AM

You supply nearly no information that could help:

- which firmware version on the FGT?

- which VPN software, which version?

- how is the VPN client configuration?

 

I deducted you're using a software client from the type of tunnel.

 

A wild guess: you've configured "Mode config" on the FGT - do you know what that is, and is the client prepared for this?

Second hint: if you plan to serve more than 1 VPN client concurrently you'll have to help the FGT to differentiate between multiple clients, keyword: peer ID.

 

Please have a (another) look at the VPN chapter of the Handbook to learn about the different tunnel options.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
8485
0 Kudos
sims
New Contributor III
In response to ede_pfau

Created on ‎01-23-2016 05:16 AM

Hi

Sorry for confusing . 

I am using FG: v5.0,build3608 (GA Patch 7)

and forticlient  is 5.4.0 

Mode  :Aggressive 

 

 " A wild guess: you've configured "Mode config" on the FGT - do you know what that is, and is the client prepared for this? " 

Mode Config  option is selected in client under VPN  settings .

"

if you plan to serve more than 1 VPN client concurrently you'll have to help the FGT to differentiate between multiple clients, keyword: peer ID. "   

At present i have only one client 

When i run tracert on my windoes machine to the local network , he first hop it shows 169.254.1.1 ?

 

 

Please help 

Thank you for your patience 

 

 

8486
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to sims

Created on ‎01-23-2016 07:18 AM

OK, thanks.

Debug the connection buildup on the FGT (CLI / Console window):

diag deb ena

diag deb app ike -1

To undo

diag deb app ike 0

and see / post what happens while the client tries to connect.

To simplify the setup, disable XAuth on the FGT. PSK only will do meanwhile.

You need a valid policy from tunnel to LAN or the tunnel won't connect.

 

There won't be any route on the Windows machine until the connection is up.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
8486
0 Kudos
sims
New Contributor III
In response to ede_pfau

Created on ‎02-20-2016 04:09 AM

Hi ,

Here is the output  of the debug command

 

Unknown action 0 forti_01 (root) # forti_01 (root) # forti_01 (root) # ike 0: comes "client public ip":500->"firewall wan interface":500,ifindex=5.... ike 0: IKEv1 exchange=Identity Protection id=09817d1f6252837e/0000000000000000 len=280 ike 0: in 09817D1F6252837E00000000000000000110020000000000000001180D000064000000010000000100000058010100020300002801010000800B0001000C00040001518080010007800E00808003000180020002800400050000002802010000800B0001000C00040001518080010007800E01008003000180020004800400050D0000144A131C81070358455C5728F20E95452F0D000014CD60464335DF21F87CFDB2FC68B6A4480D00001490CB80913EBB696E086381B5EC427B1F0D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E0D00001412F5F28C457168A9702D9FE274CC01000D00000C09002689DFD6B71200000014AFCAD71368A1F1C96B8696FC77570100 ike 0:09817d1f6252837e/0000000000000000:117: responder: main mode get 1st message... ike 0:09817d1f6252837e/0000000000000000:117: VID RFC 3947 4A131C81070358455C5728F20E95452F ike 0:09817d1f6252837e/0000000000000000:117: VID draft-ietf-ipsec-nat-t-ike-02 CD60464335DF21F87CFDB2FC68B6A448 ike 0:09817d1f6252837e/0000000000000000:117: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F ike 0:09817d1f6252837e/0000000000000000:117: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEF ike 0:09817d1f6252837e/0000000000000000:117: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044E ike 0:09817d1f6252837e/0000000000000000:117: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100 ike 0:09817d1f6252837e/0000000000000000:117: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712 ike 0:09817d1f6252837e/0000000000000000:117: VID DPD AFCAD71368A1F1C96B8696FC77570100 ike 0:09817d1f6252837e/0000000000000000:117: negotiation result ike 0:09817d1f6252837e/0000000000000000:117: proposal id = 1: ike 0:09817d1f6252837e/0000000000000000:117:   protocol id = ISAKMP: ike 0:09817d1f6252837e/0000000000000000:117:      trans_id = KEY_IKE. ike 0:09817d1f6252837e/0000000000000000:117:      encapsulation = IKE/none ike 0:09817d1f6252837e/0000000000000000:117:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC. ike 0:09817d1f6252837e/0000000000000000:117:         type=OAKLEY_HASH_ALG, val=SHA. ike 0:09817d1f6252837e/0000000000000000:117:         type=AUTH_METHOD, val=PRESHARED_KEY. ike 0:09817d1f6252837e/0000000000000000:117:         type=OAKLEY_GROUP, val=1536. ike 0:09817d1f6252837e/0000000000000000:117: ISAKMP SA lifetime=28800 ike 0:09817d1f6252837e/0000000000000000:117: SA proposal chosen, matched gateway Tunnel-1 ike 0:Tunnel-1:117: DPD negotiated ike 0:Tunnel-1:117: peer supports UNITY ike 0:Tunnel-1:117: enable FortiClient license check ike 0:Tunnel-1:117: enable FortiClient endpoint compliance check, use 169.254.1.1 ike 0:Tunnel-1:117: selected NAT-T version: RFC 3947 ike 0:Tunnel-1:117: cookie 09817d1f6252837e/371439c7ce5b61d9 ike 0:Tunnel-1:117: out 09817D1F6252837E371439C7CE5B61D90110020000000000000000D00D00003C000000010000000100000030010100010000002801010000800B0001000C00040001518080010007800E00808003000180020002800400050D0000144A131C81070358455C5728F20E95452F0D000014AFCAD71368A1F1C96B8696FC775701000D00001412F5F28C457168A9702D9FE274CC02040D0000144C53427B6D465D1B337BB755A37A7FEF0D000014B4F01CA951E9DA8D0BAFBBD34AD3044E000000148299031757A36082C6A621DE00050E18 ike 0:Tunnel-1:117: sent IKE msg (ident_r1send): "Firewall Wan interFace ":500->"client Public ip":500, len=208, id=09817d1f6252837e/371439c7ce5b61d9 ike 0: comes "client Public ip":500->"Firewall Wan interFace ":500,ifindex=5.... ike 0: IKEv1 exchange=Identity Protection id=09817d1f6252837e/371439c7ce5b61d9 len=292 ike 0: in 09817D1F6252837E371439C7CE5B61D90410020000000000000001240A0000C47DC65A9BECA87F73407731490599A5337709DDBA24C5C81599C7E0CDB094C774136B6923CB4D8030B5E8ED35AD69805E458C5CD79A5670C47D8CCA12A70EC285BA8FF0C9E9CE5E9FAAA3EA6D5E040BECA5BF98C21AACFB598BC3C1DC18585C35ADD976F03AA6270D102813F49737EE615D51BD0E481E365376A32EE7DC53B628255CABA42D7DB63915788C997AADAA5CF346BE04C4F9432AD41DD98CD84E57F46BDBFAE4D6466A22B49D0BF7F44C4B967504D4613EB68750C1782BA23482845D14000014A855D376D56086343F41D29662BD880C1400001806EEE8A9BD579F9A1F224F55C7F554C0E626B0ED0000001877700F22CA9EAE3783AA692965B5AF1FABCD2585 ike 0:Tunnel-1:117: responder:main mode get 2nd message... ike 0:Tunnel-1:117: NAT detected: PEER ike 0:Tunnel-1:117: out 09817D1F6252837E371439C7CE5B61D90410020000000000000001240A0000C4F45A0B1C75ACEBB59DC2D39E41C23AC2689BF083F88C855EF6BC556F1721EA2D827992B05261863D563D57E02E247441725F3CEA8783AE36D6847F785149A3D248575C012FBD99C890A74830185FAEC1C15A8CAE05AA7844F6D6B01EC6B088D9A235CB40D0455C1CF3C6708CC071E8A4988D2A840D964671219291F091DD4FFFC3515353217528D24D78F05D48DDB39FC22A511F01F9746FD34C77B425C5184E1F2C71AE602E76BAB92CA61964ACAD8B9AAA7F65648C693BB6EC9ECEC62FE90C140000144C0EDF4732999CB03F02411D67A942801400001856DC4CFB9F643AB63D30753A7F89925534A8751A0000001806EEE8A9BD579F9A1F224F55C7F554C0E626B0ED ike 0:Tunnel-1:117: sent IKE msg (ident_r2send): "Firewall Wan interFace ":500->"client Public ip":500, len=292, id=09817d1f6252837e/371439c7ce5b61d9 ike 0:Tunnel-1:117: ISAKMP SA 09817d1f6252837e/371439c7ce5b61d9 key 16:B412EA7CF25935A743B4236877A4224F ike 0: comes "client Public ip":4500->"Firewall Wan interFace ":4500,ifindex=5.... ike 0: IKEv1 exchange=Identity Protection id=09817d1f6252837e/371439c7ce5b61d9 len=108 ike 0: in 09817D1F6252837E371439C7CE5B61D905100201000000000000006C624BDA483E47D3B34654AF27DCA35B3311FF633A5F38D03B867AB9CE018774AE37C40EAAABD0323AE569CE043F41181A54486E314701593FC8E2EF4B73DC78AD88169BC67B57A9E943663880D74DA2BB ike 0:Tunnel-1:117: responder: main mode get 3rd message... ike 0:Tunnel-1:117: dec 09817D1F6252837E371439C7CE5B61D905100201000000000000006C0800000C010000000A0002E10B0000189DFC2DB5011E03193E9919140F1C50159E3AE0290000001C000000010110600209817D1F6252837E371439C7CE5B61D998DDA684FFE0A494B1DBEBFAE0A6C50F ike 0:Tunnel-1:117: received notify type 24578 ike 0:Tunnel-1:117: PSK authentication succeeded ike 0:Tunnel-1:117: authentication OK ike 0:Tunnel-1:117: enc 09817D1F6252837E371439C7CE5B61D90510020100000000000000400800000C01000000A8BB67D2000000185C6E61BA6C70A111D41BB3C213A279233928EDB1 ike 0:Tunnel-1:117: remote port change 500 -> 4500 ike 0:Tunnel-1:117: out 09817D1F6252837E371439C7CE5B61D905100201000000000000004CC9D5685417430F7EA034609EC635B19AA36EE9E3B246C1EE32C89B13C8CDD911D3648033D0FAE2B716E374B5838E5018 ike 0:Tunnel-1:117: sent IKE msg (ident_r3send): "Firewall Wan interFace ":4500->"client Public ip":4500, len=76, id=09817d1f6252837e/371439c7ce5b61d9 ike 0:Tunnel-1:117: established IKE SA 09817d1f6252837e/371439c7ce5b61d9 ike 0:Tunnel-1: adding new dynamic tunnel for "client Public ip":4500 ike 0:Tunnel-1_0: added new dynamic tunnel for "client Public ip":4500 ike 0:Tunnel-1_0: add connected route 169.254.1.1 -> 169.254.1.1 ike 0:Tunnel-1_0:117: processing INITIAL-CONTACT ike 0:Tunnel-1_0: flushing ike 0:Tunnel-1_0: flushed ike 0:Tunnel-1_0:117: processed INITIAL-CONTACT ike 0:Tunnel-1_0:117: send ISAKMP RESPONDER-LIFETIME 28800 sec ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D90810050162ADBC970000005C0B000018E8825A1096B44144D172005FEDC421B4BCA5DB3600000028000000010110600009817D1F6252837E371439C7CE5B61D9800B0001000C000400007080 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D90810050162ADBC970000006CE75F373B042749D438C82E0DB56E44D5CF1DD2DB6C839E4441B3C9C871ACC9558DE1149B98B7A34945522FFE49AEC3C45EE08822D96F7F0F74CF81982B0D0D74CB94C648B997065F9883C9521ADB3225 ike 0:Tunnel-1_0:117: sent IKE msg (RESPONDER-LIFETIME): "Firewall Wan interFace ":4500->"client Public ip":4500, len=108, id=09817d1f6252837e/371439c7ce5b61d9:62adbc97 ike 0:Tunnel-1_0:117: no pending Quick-Mode negotiations ike 0: comes "client Public ip":4500->"Firewall Wan interFace ":4500,ifindex=5.... ike 0: IKEv1 exchange=Mode config id=09817d1f6252837e/371439c7ce5b61d9:d8bdb819 len=124 ike 0: in 09817D1F6252837E371439C7CE5B61D908100601D8BDB8190000007C03CC1A981362DB88EC896BDDAC7A194BC9BBCA95406CBC98EB8A8095E6A3A4A970E303C0193AEC2A31C5416B7C08439D027BF8031FB836C0B5A44078F8F8C836BE445E65616997BFF413E0B303BA1C4746E02B3C36FA55031D2F8A274672EE4B ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100601D8BDB8190000007C0E00001874FD8EFC6EC1496697B475DF2F2C95DE2377377300000040010052F900010000000200000003000000040000000D0000700000007002000070030000700400007006000070010000D40A0000D40B00000007000098D7F0F5B8DDFB07 ike 0:Tunnel-1_0:117: mode-cfg type 1 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg using allocated IPv4 10.10.10.100 ike 0:Tunnel-1_0:117: mode-cfg type 2 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg type 3 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg type 4 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg WINS ignored, no WINS servers configured ike 0:Tunnel-1_0:117: mode-cfg type 13 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg type 28672 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg UNITY type 28672 requested ike 0:Tunnel-1_0:117: mode-cfg no banner configured, ignoring ike 0:Tunnel-1_0:117: mode-cfg type 28674 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg UNITY type 28674 requested ike 0:Tunnel-1_0:117: mode-cfg no domain configured, ignoring ike 0:Tunnel-1_0:117: mode-cfg type 28675 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg UNITY type 28675 requested ike 0:Tunnel-1_0:117: mode-cfg UNITY type 28675 not supported, ignoring ike 0:Tunnel-1_0:117: mode-cfg type 28676 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg UNITY type 28676 requested ike 0:Tunnel-1_0:117: mode-cfg type 28678 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg UNITY type 28678 requested ike 0:Tunnel-1_0:117: mode-cfg type 28673 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg UNITY type 28673 requested ike 0:Tunnel-1_0:117: mode-cfg type 21514 requested ike 0:Tunnel-1_0:117: mode-cfg type 21515 requested ike 0:Tunnel-1_0:117: mode-cfg type 7 request 0:'' ike 0:Tunnel-1_0:117: mode-cfg assigned (1) IPv4 address 10.10.10.100 ike 0:Tunnel-1_0:117: mode-cfg assigned (2) IPv4 netmask 255.255.255.0 ike 0:Tunnel-1_0:117: mode-cfg send (13) 0:10.0.144.0/255.255.240.0:0 ike 0:Tunnel-1_0:117: mode-cfg send (13) 0:10.0.144.0/255.255.240.0:0 ike 0:Tunnel-1_0:117: mode-cfg send (3) IPv4 DNS(1) 208.91.112.53 ike 0:Tunnel-1_0:117: mode-cfg send (3) IPv4 DNS(2) 208.91.112.52 ike 0:Tunnel-1_0:117: mode-cfg send (28676) IPv4 subnet 10.0.144.0/255.255.240.0 port 0 proto 0 ike 0:Tunnel-1_0:117: mode-cfg send APPLICATION_VERSION 'FortiGate-1000C v5.00.7,build3608b271,140409' ike 0:Tunnel-1_0:117: include-local-lan is disabled ike 0:Tunnel-1_0:117: client save-password is disabled ike 0:Tunnel-1_0:117: client auto-negotiate is disabled ike 0:Tunnel-1_0:117: client-keep-alive is disabled ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100601D8BDB819000000B60E000018645626B31A9A1D27C7F0E564A4AEC3A7D61DC2AF00000082020052F9000100040A0A0A6400020004FFFFFF00000D00080A009000FFFFF000000D00080A009000FFFFF00000030004D05B703500030004D05B70347004000E0A009000FFFFF0000000000000000007002C466F727469476174652D31303030432076352E30302E372C6275696C6433363038623237312C313430343039 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100601D8BDB819000000BCA72EF59386EE9278E8322967A4B78285B4477F2C27A3E03D0FE9BDBFEAED73EB1483C918AB918452F2FABD0C6E7B86AEF0BE8D689A1A22E051C89C39C8A8A9FECDDCDD76A2712D45D71F1443A673AFF1E1CC841DAAE54A02C25E9A5E2453D389838234E02E7D1CD97354297A84994E757ABEF91EA8380DE6779F54996A08BBE1C14E73A22158019F9A641D5B2CAA0A3AF17C83107471654AF0C0C8F9397FC6A7 ike 0:Tunnel-1_0:117: sent IKE msg (cfg_send): "Firewall Wan interFace ":4500->"client Public ip":4500, len=188, id=09817d1f6252837e/371439c7ce5b61d9:d8bdb819 ike 0: comes "client Public ip":4500->"Firewall Wan interFace ":4500,ifindex=5.... ike 0: IKEv1 exchange=Quick id=09817d1f6252837e/371439c7ce5b61d9:981e5144 len=668 ike 0: in 09817D1F6252837E371439C7CE5B61D908102001981E51440000029C3DFA441D95014BB758998994DA44C8DB6D49E023122CDABEEBEAEB2DF661C9036BEC7E91A741CE620520F0AE1F1A8B155C86618589EF13396BF5EF5BC4526D526F4097B93110411DE0DEF2F5B0E5CA0C7A19345318B619D9BB73F64C71D01B308EE6B548DF217D0E0D5624F9123DDAD242B4B06FDA6131B380CBE64EF523D81BE167F2E6128327C36927A74D1A28ACAAD368EC19F496FA61E006D607301D4A6267AFEB6AE930C4F053FE46E4A79C9013ED0F65BF60EE069423C2B8493C12C16F56ED47CB8624FEE6B7B089AEBDC2F47C89B177746660FBC81A98179D362CE17DF401A5CD5DCD3F4235BE70B546149DB517A9D2FAF941A6FBF750DF18E7BD1B2782AF8B1991BCD27776BA7D01E7AF55E9BA671A02730EBA98BDB64EF69E2915FF5940FE1C0A9E5B271F7F79AB8F45F5A6F7EEA81E504CA2DD6AA723E9DCAF7B837AD3AA3D57CF93619E723400053119A032C295C2F097599469E68D6573618BBAB357B4FEEB625064E44E310D857686534BF5DBF99CFCFEFB4FD27DE88B5D72AE169B14FEA4B76DA66F88500BE9FE0539476FDC1C48004447B9473D533BF76E60DDA3DC4A2AEE889572F26B043E1C1449021F3207CE5F147369C885065368312B39720CADA241848ED6A01581C46890AC1CD6CBEEE1C7533D48988A0B5ADD5F638FA1520C2449521A787ECD99624D2B029EB72937A5FE13F2FD26A437CBD8239F3BDCB74226320955980D6A40678F72249E83228C90A59915D9E96DDFE1875FD201D5DA5528A90854C75EEF2B37E19119884A8ED4A6BAA15E388FEDDE77709806B4273560A54F676D9F7622A25E80CFFC3D0429B98B7373F27D76760204C675B558A5CE13FF2A33392C18B275988DDB65C42903FD3200F0C11F354612E5CF1F4E ike 0:Tunnel-1_0:117:2504: responder received first quick-mode message ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908102001981E51440000029C01000018AC3B8213FAC00D9240F9E7EAD52928CC7495BDCF0A00009800000001000000010000008C010304043F23F0DD03000020010C0000800100018002A8C08004000380060080800500028003000503000020020C0000800100018002A8C08004000380060080800500028003000503000020030C0000800100018002A8C08004000380060100800500028003000500000020040C0000800100018002A8C08004000380060100800500028003000504000014ADEB672BF376EA52B07F568DC258F70B050000C49785CB9D3C0B92780B79FD4E457BE180BD09F5E316F452C4F5869283782AC109C2603E18F7B6A76C860C28DF833FF451A776207CC76E7793288F820F6A318B783F772A321C2F21F95A8DA57E361792095444557B9604C22288BB061515DCEA36EC921E5422CDCB119F825875811796F580D3C92B2DB94C2A593B23CAA1232FA4ABA97734D472DD3E5216549C477A4CDC2EE95228D601DA24E5E8D3C635EBC0D00BA60EAB1835B5249D2BFF567B8EA1939E308E387A7DE6350F8F444D0CC4CE8D0500000C010000000A0A0A640B000010040000000000000000000000000000D70100000001007DF65645523D310A4643545645523D352E342E302E303738300A5549443D38353533334334333832303534454131423633333135423042434645394544370A49503D31302E302E322E3232350A4D41433D30302D32312D63632D63312D37382D37383B0A484F53543D746573740A555345523D736972616A0A4F535645523D4D6963726F736F66742057696E646F777320382E302050726F66657373696F6E616C2045646974696F6E2C2036342D62697420286275696C642039323030290A5245475F5354415455533D300A00D7B1CDD904 ike 0:Tunnel-1_0:117: received notify type 32246 ike 0:Tunnel-1_0:117:2504: FORTICLIENT-CONNECT received, license status = 32 ike 0:Tunnel-1_0:117:2504: FCC request len = 203, data = 'VER=1 FCTVER=5.4.0.0780 UID=85533C4382054EA1B63315B0BCFE9ED7 IP=10.0.2.225 MAC=00-21-cc-c1-78-78; HOST=test USER=test_user OSVER=Microsoft Windows 8.0 Professional Edition, 64-bit (build 9200) REG_STATUS=0 ' ike 0:Tunnel-1_0:117:2504: FCC reply len = 14, data = 'VER=1 CODE=0 ' ike 0:Tunnel-1_0:117:2504: peer proposal is: peer:0:10.10.10.100-10.10.10.100:0, me:0:0.0.0.0-255.255.255.255:0 ike 0:Tunnel-1_0:117:Tunnel-1:2504: trying ike 0:Tunnel-1_0:117:Tunnel-1:2504: matched phase2 ike 0:Tunnel-1_0:117:Tunnel-1:2504: dynamic client ike 0:Tunnel-1_0:117:Tunnel-1:2504: my proposal: ike 0:Tunnel-1_0:117:Tunnel-1:2504: proposal id = 1: ike 0:Tunnel-1_0:117:Tunnel-1:2504:   protocol id = IPSEC_ESP: ike 0:Tunnel-1_0:117:Tunnel-1:2504:   PFS DH group = 5 ike 0:Tunnel-1_0:117:Tunnel-1:2504:      trans_id = ESP_3DES ike 0:Tunnel-1_0:117:Tunnel-1:2504:      encapsulation = ENCAPSULATION_MODE_TUNNEL ike 0:Tunnel-1_0:117:Tunnel-1:2504:         type = AUTH_ALG, val=SHA1 ike 0:Tunnel-1_0:117:Tunnel-1:2504:      trans_id = ESP_AES (key_len = 128) ike 0:Tunnel-1_0:117:Tunnel-1:2504:      encapsulation = ENCAPSULATION_MODE_TUNNEL ike 0:Tunnel-1_0:117:Tunnel-1:2504:         type = AUTH_ALG, val=SHA1 ike 0:Tunnel-1_0:117:Tunnel-1:2504: incoming proposal: ike 0:Tunnel-1_0:117:Tunnel-1:2504: proposal id = 1: ike 0:Tunnel-1_0:117:Tunnel-1:2504:   protocol id = IPSEC_ESP: ike 0:Tunnel-1_0:117:Tunnel-1:2504:   PFS DH group = 5 ike 0:Tunnel-1_0:117:Tunnel-1:2504:      trans_id = ESP_AES (key_len = 128) ike 0:Tunnel-1_0:117:Tunnel-1:2504:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL_RFC3947 ike 0:Tunnel-1_0:117:Tunnel-1:2504:         type = AUTH_ALG, val=SHA1 ike 0:Tunnel-1_0:117:Tunnel-1:2504:      trans_id = ESP_AES (key_len = 128) ike 0:Tunnel-1_0:117:Tunnel-1:2504:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL_RFC3947 ike 0:Tunnel-1_0:117:Tunnel-1:2504:         type = AUTH_ALG, val=SHA1 ike 0:Tunnel-1_0:117:Tunnel-1:2504:      trans_id = ESP_AES (key_len = 256) ike 0:Tunnel-1_0:117:Tunnel-1:2504:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL_RFC3947 ike 0:Tunnel-1_0:117:Tunnel-1:2504:         type = AUTH_ALG, val=SHA1 ike 0:Tunnel-1_0:117:Tunnel-1:2504:      trans_id = ESP_AES (key_len = 256) ike 0:Tunnel-1_0:117:Tunnel-1:2504:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL_RFC3947 ike 0:Tunnel-1_0:117:Tunnel-1:2504:         type = AUTH_ALG, val=SHA1 ike 0:Tunnel-1_0:117:Tunnel-1:2504: negotiation result ike 0:Tunnel-1_0:117:Tunnel-1:2504: proposal id = 1: ike 0:Tunnel-1_0:117:Tunnel-1:2504:   protocol id = IPSEC_ESP: ike 0:Tunnel-1_0:117:Tunnel-1:2504:   PFS DH group = 5 ike 0:Tunnel-1_0:117:Tunnel-1:2504:      trans_id = ESP_AES (key_len = 128) ike 0:Tunnel-1_0:117:Tunnel-1:2504:      encapsulation = ENCAPSULATION_MODE_TUNNEL ike 0:Tunnel-1_0:117:Tunnel-1:2504:         type = AUTH_ALG, val=SHA1 ike 0:Tunnel-1_0:117:Tunnel-1:2504: set pfs=1536 ike 0:Tunnel-1_0:117:Tunnel-1:2504: using udp tunnel mode. ike 0:Tunnel-1_0:117:Tunnel-1:2504: add RESPONDER-LIFETIME 1800 seconds ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908102001981E51440000018C010000182B779A8DCA37F15EE6AC2620349EDB5F2695EA490A00003800000001000000010000002C010304014C1B89D900000020010C0000800100018002A8C08004000380060080800500028003000504000014F6B62A1A6B6985899572F5B3997B8D20050000C42B7A3F7BF9A3F0F35E816F47FA7F99BC6834B939171EAAE390A6CAF204F4C124C6C758DF625DD064979C1B1F6FBF38AC1BE79BD6F8A47D6B51BA108483A6C005403B0A507794044263BB324010BDC9C6AF2CBF9DCDE83E2249840B394C9AA647D11AD1A0E580291DA93B6B1379439C4D03DF1308F50C1EF45FF25DFA2038E5A6252D57A44370CC1F1B48545C541938EE97C0BC9A2698417272A9146728152B7C19821A7ED3489E7270C3D09FECE188036FC9284FF4D2C987D5C4F16B29DE37250500000C010000000A0A0A640B0000100400000000000000000000000B00001C00000001030460004C1B89D9800100010002000400000708000000100100000001007DF8A9FE0101 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908102001981E51440000019CB7816209F310E72AEABED7FEF674119C72326B2C088A66EDDF07010177625E40030E9ED48AFD11993516B8309C1461BE51550E9B92265DBD36B0AEDAC073808B68C092815606CF73824CCDE259296F7114180DD24D48B32696D1634C5464DEEF479F6BF0E4E40E567F56B0EBBB41E5844E062E8871728B460A8BE99FEA726B705A58200685B971EFE7A322F141167B19CB51EC48534416FBB39ECB40B4970D2A855D9C470D783ED558C6D72C0348DF12DDF32341C55DF8AD00FFCB21644FDFD9E5289896C72B987EF8D4CC72A7D02EF1E4F9487339344A787450A654661F934DE8FF82050E3185805D3351F9A07FF0204B7C822503D88473256EABD632A30FDC8E257A078B9F8AC8EAD29DA2473768C2771F96A3D2862363950EFD2B35C2EFC85CC96EDC3FCB331C26C68A26AC8CBBC445CE91E59BE51877E36DA98C29C863CBD62112BFBE88671C838CE40BD7C07C6A17416FA07927AD790B914B432423C3450A9C66B37E8F4BF008848C25818FA38BE01F36A952A1E7023D134AB7DE0EC6D6 ike 0:Tunnel-1_0:117: sent IKE msg (quick_r1send): "firewall wan interface ":4500->"client public ip ":4500, len=412, id=09817d1f6252837e/371439c7ce5b61d9:981e5144 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Quick id=09817d1f6252837e/371439c7ce5b61d9:981e5144 len=60 ike 0: in 09817D1F6252837E371439C7CE5B61D908102001981E51440000003C35198771279A6A5CAA7525ADCD8D72BC1C49D4461DE29E95C671E9E85D1A4F8B ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908102001981E51440000003C000000186FBC9585FCDD4FED0D31CA2EF6AED474A595EAFCB0F3FFF782DECF07 ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908102001981E51440000004E0B00001867DFB9106831661E9193BC9613E417ABED8B96EB0000001A0000000101007DF75645523D310A434F44453D300A00 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908102001981E51440000005C0703149FC8E573D653775A5DC0397A0451A6FBC0B6068F89BF569374862497527E333D3CD7F11FCE677BB9EF1FE01ACAA927A18F52CBA5E87F25EDA800151F72 ike 0:Tunnel-1_0:117: sent IKE msg (quick_r2send): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:981e5144 ike 0:Tunnel-1_0:117:Tunnel-1:2504: replay protection enabled ike 0:Tunnel-1_0:117:Tunnel-1:2504: SA life soft seconds=1785. ike 0:Tunnel-1_0:117:Tunnel-1:2504: SA life hard seconds=1800. ike 0:Tunnel-1_0:117:Tunnel-1:2504: IPsec SA selectors #src=1 #dst=1 ike 0:Tunnel-1_0:117:Tunnel-1:2504: src 0 7 0:0.0.0.0-255.255.255.255:0 ike 0:Tunnel-1_0:117:Tunnel-1:2504: dst 0 7 0:10.10.10.100-10.10.10.100:0 ike 0:Tunnel-1_0:117:Tunnel-1:2504: add dynamic IPsec SA selectors ike 0:Tunnel-1_0:2504: add route 10.10.10.100/255.255.255.255 oif Tunnel-1_0(86) metric 1 priority 0 ike 0:Tunnel-1_0:117:Tunnel-1:2504: tunnel 1 of VDOM limit 0/0 ike 0:Tunnel-1_0:117:Tunnel-1:2504: add IPsec SA: SPIs=4c1b89d9/3f23f0dd ike 0:Tunnel-1_0:117:Tunnel-1:2504: IPsec SA dec spi 4c1b89d9 key 16:9DE645A416D5B95ABA83CD466B09C2C9 auth 20:9752C5B49658993111AE0611B32B917B3816492E ike 0:Tunnel-1_0:117:Tunnel-1:2504: IPsec SA enc spi 3f23f0dd key 16:99DD7868C8554FFFA623830AFB973161 auth 20:4FF3CA81E819C6CC0CAB637DF37453930D4A9A78 ike 0:Tunnel-1_0:117:Tunnel-1:2504: added IPsec SA: SPIs=4c1b89d9/3f23f0dd ike 0:Tunnel-1_0:117:Tunnel-1:2504: sending SNMP tunnel UP trap ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:91081d2c len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D90810050191081D2C0000005C59D8C03C917D4F7E909C2E456B7E352E84FFE312153497432463E0927FA9D387A71AE5F2F688900623266CCEFA2FF6C6BFC2741E6CB7850A9F9F6A06EE2518AC ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D90810050191081D2C0000005C0B0000188575F01079775A7D624986FE854E8B91F5B8EDB6000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009DE92C4D693B99DBC07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501DE1E4D47000000540B0000182F9A13358846A3BCE8D58E4777DBB53BAA41A510000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009DE ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501DE1E4D470000005C377EF08CBB387BF2DDCAD1DBA9545DCC8760C2375CEF6B5C0E22FCFBA6E79482E9ED27AD6BD51FC7CF8EFD7FDD834B43C988976A4A700F0758F5CB9D61C46F68 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:de1e4d47 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:a84d3007 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501A84D30070000005C917D9D7F7F6E74D6E8A2F6617FD65CD1A4951C836E34B5435F23BE2B0CA917848A5179FC718018FC56E0EBBBC55CE1442D187E302EE9E300C32275245E4E12A4 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501A84D30070000005C0B000018A2D8861D60A4B4E1929A3DCBFE52B9922FD61B00000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009DFFDA09DE494B19507 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501C14929C4000000540B0000186AB71F902DBC07008C62C7641987BF80E80BAC5F000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009DF ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501C14929C40000005C0CFD43DD6216B4D72A818585C28980B4224EFC2B39768CD47B80D592A1ED4809A46DDD4CDB92CD4E904D0B1C266E93D56EFAB11AAD7279AACF88E2642138EBE2 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:c14929c4 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:bda9a408 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501BDA9A4080000005CE12156FEF056EEC7DDAC2D81EF55D089313BC8A67F1AC9E0DCA85218DBAFE0B09C8AFC5D170E9206FD5441FEC4B39FD18C70D6DC84C99D1B7C9485F6468DA8D7 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501BDA9A4080000005C0B0000189969ED9A251054940C527786EBF5E731494E7879000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E0FDDD93EA89D88A07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D90810050141AFE219000000540B000018CD193058CCB70633CCAE340028DBFC1301EC70D3000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E0 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D90810050141AFE2190000005C2B3B61D3BCF970B8B1B946F1588E6241107B1C84B7C78EC7450C608FDEA2BEB684B25D7BCB532D4C449A385348822F142A28A4970D1E3D5127B608C1DDD485F8 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:41afe219 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:a6023eac len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501A6023EAC0000005C087FA296698C3DA646FD62ABCBFC1FE95A56C86F33EA22D1B0DA0F712613D4A30111C14FE3CC4F7CA41C79196FEF893E86C134F5C9D5417F290E6EC698C050B5 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501A6023EAC0000005C0B0000185754132BC0443E754B0003F103D69BB70286C81E000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E1D3E5AC899396AF07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005013ADF616F000000540B0000183822B1097264B5D88E870DA6CCECDE884D1EE6FD000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E1 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005013ADF616F0000005C63AF57C78DA4380D31EA1FE2F5E26883381721D559A4FAD087DA63D3E8D4CA325526F066185CC74834D157DC1BF4A8F77E1BE339D1ACEB7C7CED5ED5E2A4002B ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:3adf616f ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:fbd1290b len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501FBD1290B0000005C5AD02858795CBC75BBCCA253F8F9971CABD489120AF44D700E0C03D75AE55282D40DD48E390548A3720E52A40AAF0FA3A76957FFAD8CCEB4D38F58F2E95FE342 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501FBD1290B0000005C0B00001807EE4148A0B878B7A5C4BEF460084BBC93AF6FC8000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E2998F8886C1D4A907 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501963BEB63000000540B000018FCEAB5C250EE8360B319F0506BA147FDD7946C50000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E2 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501963BEB630000005CDBCD4AEE30EB58AFB5069B866E0CEBF08225C9BD81F097751EE01FE21DB16E2C5DE8BE6D079329784E252DD9809A9D70CFCC1B88FF7218E2A1C559714A44B28A ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:963beb63 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:a70cc6da len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501A70CC6DA0000005C6779DC5F6446380E2B70C6EE68E4AA09CF07F5004E237F4801A61CCBC6348A70E9911E18796552BF4BB4B9937F45281801E0F6FB83A05905FB488A3270235409 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501A70CC6DA0000005C0B000018463B4E2D0DF699BA013E5A011D44F09A11806876000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E3D7F8EFEB95BD8007 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501AA7C10F8000000540B0000188F05818223806C68700B367EF6B3AD53180C2F24000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E3 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501AA7C10F80000005C0DD7EB0462262E60EB626152994D1442E38ED55D9C59161995B8628B92CBFE3BBFBA7DB8EC15B83335655E2473095E3B25B81E6A2A65534D952102781BE683E2 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:aa7c10f8 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:eb72b2c5 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501EB72B2C50000005C636A306F65BB09BF953B915CED9DB2D6FBEB3DECE7B3F6BD884752849F46CDA6763B9CAB6C4847F2A1899A748C854D987CFB69591CAB684DD1DBD5B65D8F66D8 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501EB72B2C50000005C0B000018BC2FB9C647C21B7467C5147B350A5C39CCE16C80000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E4C3B6E4EDE2EA8507 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501C59EC588000000540B000018CBD88DFCC9ACFE723C67802C92FF11D4E6837794000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E4 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501C59EC5880000005CEEA2AB2E1C5482FD58E6EFB601EAE441E70EFF234199D2D7C6ABEBA4D777E339D1B1134AE41D20A6935739D9C2925952C919763D51BC6B6E7302D24CD5B533C4 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:c59ec588 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:acbb10bb len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501ACBB10BB0000005C51F1E89D04E4DB17B122DEB5F32B780486CA18378D97B3B5FA872CA5D40B5EB15488D6EC2C84AA7141E19E6D357B042375FBD467E0A4BE4E32E6697381399D03 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501ACBB10BB0000005C0B000018B3EF66971F8F0246EB339EBD22AD8A40EB7E4AE9000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E5FBE3DCBF8AF8AF07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501C8FAED15000000540B00001820B6C65EA53996C9E4B947954AAAA3653E3DE38F000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E5 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501C8FAED150000005C66248BCE75A842E28D405B36AF9EF5817A05531AA80ACBD57A29DD27D8540E3B0A04739D9E1C602DE8692F8BC0A93755AADA57C8D2CB01A506635F5B21B1F9B7 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:c8faed15 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:ce912623 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501CE9126230000005C011CE540AEA01880B46DF20B9F0E8A753B94F1FC7C547C78D61AEE8BFECE6A200685BBF8B7AA5D152C6F41B471544D46AC540184A3B55C7BBFBF47F9643EDCB4 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501CE9126230000005C0B00001865FFE0BC88CB73A486EB1F44DAC1041DC39B57D8000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E6A2D1D9CFF0FF9F07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501BC73481D000000540B0000188C2DCC38DEB0EABF966EB55FC2375567D45B1F44000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E6 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501BC73481D0000005CFFE0B512B0BA824EE2968AB8042EB4BAF91240F90AA807536D63F42BFBE596215F978572BFEB5233B5D4192A784510675D2403F4A788162E4B17962A16FE14B7 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:bc73481d ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:d56ed79a len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501D56ED79A0000005C6E3BBC06EE6CDAC9FCFF6390CD77564984B9C1C6E06DCD45A2382183E330D570552FFED564B36DB5E09CF9D9265FF043A6EF05F793C6FC9851AB141EC24D2724 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501D56ED79A0000005C0B000018E65E21B8BC367F61F8AE95E4740B8C1F5DEB53BE000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E793D7BBACAEAA9207 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005011E92B7A3000000540B0000188E69F9494177A38BFA58178A7DA444ADD8908971000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E7 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005011E92B7A30000005CC8E71B5634B343C1EEE40B3CBA74A6931873EF0EFCABF0DD28D7999D5568B2685ED3DF169061B9B47ECBAE6B49B5BF496AE6CD1AEA058FFD1194B3FCD3B47476 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:1e92b7a3 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:96e418c3 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D90810050196E418C30000005CAFCDC0B15B187258DF3B905A82B61F696E9F70AE523F8D2798DC7189106F1336172A7D78163B5C94E2AD0FBE7D2FF3430BCF40F2D8D8116B7F97662E6BBB8E0B ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D90810050196E418C30000005C0B0000184A8672C50158970981FFE2F7373E5FA91C86C451000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E8DCACE2C4B2D99007 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005017C1294A4000000540B000018BCE009D9C4A16AFBD25A02C556BE3B0C232AF057000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E8 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005017C1294A40000005CD516A2F5D5352C46D8A2F814E72EA1083A14F9FF05044C34A7430D8A6DB5B31888F2840FA5C0C4E0F8855F25E777A1F3FB3D6DC784A90ED3C5688668A4F1C0BD ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:7c1294a4 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:8d29235e len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D9081005018D29235E0000005CE4023B8CA886A9D6A47381A6AB7D226EB1D89E79E82F15165FAE44710EC3D545E163C72DE933C52077D1E7D0314C8BA23E7BFA0013D43B082A67157B87E285A7 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D9081005018D29235E0000005C0B00001885C7E4A6CBAE503831C530B6B63E9E7DA6AE6E47000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009E9A5CCD9E0D8AACB07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005016EDE33BB000000540B000018F82FAD125333DD2713A69FC831B7D4C1DFA77983000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009E9 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005016EDE33BB0000005C1D3C0685D2117FC8542D960BCF068D37A3F8BCFC113A3FB991FA45D246920733609530D4181EFF318FDFC002E129CEDE02A305262D8F4E79518C5C8C5E7E6D5A ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:6ede33bb ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:ff32d644 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501FF32D6440000005CBB3AA07ADA98542F9D77C36F003DAF4D668281A3E32A39376D648E2CBDC5307026B01A9833F9D21DA115C830C4286E1279FC8B41A450DC480A98AA26F33C1760 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501FF32D6440000005C0B00001877523BC5587AA4175695DB19771B6302579477F6000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009EAA4E4CABBB0B1B307 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005016BEA598C000000540B00001863D4AB4F40F81B2BE189BFA19A9D1E92FC0D8EC6000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009EA ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005016BEA598C0000005CFA2ADA2793F3ED7ABA08C20E42984794F47E255B4A1CD55AA8C3F99044C4EC50AA9494E2920D93F7C9FA6A7231459DDE80761A7C145A0E369CF08B69D54ED4F1 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:6bea598c ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:9764fc97 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D9081005019764FC970000005C7070CA264CFF2E24E959145550874B2D5D5D43B9E981413D5BEE273219910E5EB3589B3CFC39B5CE190B367100F6E59E770DC9CC16A129599B736039E4320F08 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D9081005019764FC970000005C0B000018872E62660879B39723C32EF634D9E8857E4398D3000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009EBB8D9A391F3E2DC07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501DA48AF99000000540B000018106B2C5586EC591758A2B271B8BBFDEE755223E8000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009EB ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501DA48AF990000005C60FED8C3D083F63D1F0AFB227686C245F5DC48274D1CA028DBEF991E0F7F31C7D7E0295FB9F5AB61589A5210ED661BC3880D2C353C613BED53CF7CEAA0B427BA ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:da48af99 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:bb6d4193 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501BB6D41930000005C4BFA73522A6BE823ACBD7F15F4F9D825725EE01DE030021E8E42792FA4A41F53DAB3011CD7FA8BCDBA96A46A92C67E111A6497F15ED092BDFD20C36B82145AE0 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501BB6D41930000005C0B000018F29221A086629C9C7D2188FEF105C6E9EB07348D000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009ECCFB2B8DED9C3F907 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005018566E3BF000000540B000018B198AD155A31F4D60B4621AC4DB25252D87626CB000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009EC ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005018566E3BF0000005C9980523AC6BE6E4E805E21C1C04DD1E6119F56BB36C547BD34580230AD4962D74A8225DA527D78FBB73490B516E06FF3AC77159E10617C8149C7B716D9495B93 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:8566e3bf ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:e43a8e41 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501E43A8E410000005CAEA5CC49C9726AC7BB66AFB5FACDBBD08B17B4534E2DA5FE7786FCC2301692B6C98F33CE97C47ABE1216F42B4BFEA79CB4AC6D7BA4327B3A1939F58B52A4D8C8 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501E43A8E410000005C0B000018E47B2F36B6960284A00196C394993B3145E63935000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009EDD2D595DD8BB2E007 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501E64A1559000000540B000018BD2F7DCDC171C10C24E08F0C72787966B2AC0C74000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009ED ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501E64A15590000005CDF6671BFFBCC44E91A2B8F808AE201463537FD97A4D43CE1094F5EF0497D131BF39009C618BC796C8CF7E9853E5624C74FF59FD4DF97D92F5BA719BAB73A27A7 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:e64a1559 ike 0:Tunnel-1_0: link is idle 5 "firewall wan interface "->"client public ip ":4500 dpd=1 seqno=1 ike 0:Tunnel-1_0:117: send IKEv1 DPD probe, seqno 1 ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501B6A98F7F000000540B000018A3B18DE6C54260C844A5E6D9E6262DA8CAEA24D4000000200000000101108D2809817D1F6252837E371439C7CE5B61D900000001 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501B6A98F7F0000005C6DDC6E5915BB59D18CF54F99FA896C8E206B0454D2BB9954CC210EA9747864C238562CC5EF8BEF16F20139C858929DAD67CA0A15ABBD0DAE6C1807029FF3C9FE ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:b6a98f7f ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:ec92b26a len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501EC92B26A0000005CED63B5ABB2971FBC6B8579E49E91D0B99E994968D48D22493B100EB8B00DCFB1C48EAAC778090691A85F8FA4D0911F2C7023727E4E7EE3FA6E3A2D983B74EE51 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501EC92B26A0000005C0B00001836A5AC5D9170D3E3EB250A34A3AA1610B0D6E03C000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009EEEDD5D296DBBCEB07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501487557A4000000540B000018696D25EB9530FEEFF500F29CD6C85801296E41DF000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009EE ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501487557A40000005CBDC039DC11EBE49E99B6D7FF9BF2CC2725FCDA980BFDF9FA2ADD6385CCA767EB3EC560DC744927AD3BD154DD9D9981EC4749AEAF918E7618EA85FAFA1578FA82 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:487557a4 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:eb7b94ba len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501EB7B94BA0000005CBAC021367B39EF531ACF71DAE5837A42523444D051C3F67F5152E9BB0FACA46C18B698EFC33CE892FED5F8B069BCD644787CC1BDB039DFE47F69839219E69023 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501EB7B94BA0000005C0B000018F934C33E999970791BDECB743D4B2EE41F825938000000200000000101108D2909817D1F6252837E371439C7CE5B61D900000001C9F0E79FB48DED07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE-ACK ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:d6479a40 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501D6479A400000005C163972F529A8FD566122A28A443F51326DC9FF4194488431E1269DFAF1FDA4238BEAC8CFC6E1ACB12C19A6509DB690F8FF779FD9C13A315B629112AA3CC6422B ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501D6479A400000005C0B00001843B83D8B9F2AE316E0C0A464391DEB21A45FDAFB000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009EFC39DCBB987F78E07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005014BDACCF3000000540B00001868312E3121B97E0BB7D3BC141BDB5B75B6D6FF4D000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009EF ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005014BDACCF30000005C03122A0DC0DBD977F2D1AFF13B201C4F0F0C7F271EDA915128CA7F747517E40AD92C897CF295119F5746FAE7AF44804F2152AA23D69100F31BB06AAE6EF08123 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:4bdaccf3 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:9d525d10 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D9081005019D525D100000005C1F10F2EA07AE29D20DA5D5FE4BB48BB49B2804D0DC45A5EEC9A9A3E2C50FD056A642EEB4975D7A52E60F5F221A756962012A4E9DAF0594A64E7983A3ACD701EB ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D9081005019D525D100000005C0B000018C0D731F477909D0C6215E4876B67AF7BF80FE83E000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009F0DC82A99FAFDCD107 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D908100501D68C03D0000000540B000018DC41C45C492A3E3D650CDAA00AED00D013F35EB3000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009F0 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D908100501D68C03D00000005C65FCEA9FBBF002B02A8C8DBF47CC70C2CB8159FD0A6C78621A7722173DEC9F89F1ABE6FFE9FB7B6C511733B793E657BF1E756DFA7A0D1C830C439FD7124EB252 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:d68c03d0 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:dff49c60 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501DFF49C600000005CE839FCD9D7DC9D7A2944C26978E6AD7B7B4E83E0B518037D92253C8A5B1BAA99650F7D310AA063E458C9F04620EF7A158E84E13F6FE0B6F656FCEA65C5BF5BC4 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501DFF49C600000005C0B000018CBD9A447CA87854D5B706EEAEFEB0A4BEB077254000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009F1D5A0BBEAD0D6FF07 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005018EA3008E000000540B00001806E5E9EFBA7377834C7F7E867B63F09B5C580199000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009F1 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005018EA3008E0000005C4DA867547AF10B6E55390A3533BE241A653A39CE47FA882C43A7E4C3CD84997DD42D64EB7CA942FE50E5AB20E59786CCB6669F2AFCFE21D81CF07BE53BB482A6 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:8ea3008e ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:88249757 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501882497570000005C2649C720F7716E53FA3CE14445577BB9CE92B17B23059C22CF1AF834F82F89E764F977CE7C4FC817FE8E957732589E18EA86FABE6EF7A0991E534AD1113AF33D ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501882497570000005C0B000018EB8F7B9844BA6F53C40205BC01C7B9BCFA39A34E000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009F2AED28CBAD9C3B907 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D9081005013C7A535B000000540B000018E0A92AC58A9BEC7080A6D7EC91D3A22C81AF8F8D000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009F2 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D9081005013C7A535B0000005C9CF2A6B45EC13FFC4D8A59AAA2E38DDE344F2F3552AF208B124EBA9115C09DFBAC4DB861CB92903F0DF2E1957694610EFDAB84A1E50DD009B42478FA04910E2D ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:3c7a535b ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:a682e281 len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501A682E2810000005C88CCB161D83B47A2639A019EEECEAB0A469F5F6D9D4BE882BED05DA6590979EE30C3AB54B6BA496554C3EF029DB176C3A6F2E3A84F34E0584B821B52656F0E01 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501A682E2810000005C0B000018C73BDD2411704C60302ED9AE126B1812548D4429000000200000000101108D2809817D1F6252837E371439C7CE5B61D9000009F3E6DBAFA3F6E2F507 ike 0:Tunnel-1_0:117: notify msg received: R-U-THERE ike 0:Tunnel-1_0:117: enc 09817D1F6252837E371439C7CE5B61D90810050178E70F62000000540B00001845B982CE47B6EF299654614125FD1128B5BC3463000000200000000101108D2909817D1F6252837E371439C7CE5B61D9000009F3 ike 0:Tunnel-1_0:117: out 09817D1F6252837E371439C7CE5B61D90810050178E70F620000005CCFA1E2CB257E6325D9F9363D2A316F77996C3B137F864E21CE6F7D09EEF2D7A64E926412858851AAC7D7A378FAF40814043FD61A279B4569F8009CB9B4A9E609 ike 0:Tunnel-1_0:117: sent IKE msg (R-U-THERE-ACK): "firewall wan interface ":4500->"client public ip ":4500, len=92, id=09817d1f6252837e/371439c7ce5b61d9:78e70f62 ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:cac7f253 len=76 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501CAC7F2530000004C7E06D2BB362AEDC3A82D96B4AD1CA2DD8DB9EFE97904C4D3523A299BB8A8C907E8B04223248454AB25582EEA060A69EF ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501CAC7F2530000004C0C000018C03AC133A322EA94109AE3074D865BC020E756CB0000001000000001030400013F23F0DD98F4F8E5F5E7E807 ike 0:Tunnel-1_0:117: recv IPsec SA delete, spi count 1 ike 0:Tunnel-1_0: deleting IPsec SA with SPI 3f23f0dd ike 0:Tunnel-1_0:Tunnel-1: deleted IPsec SA with SPI 3f23f0dd, SA count: 0 ike 0:Tunnel-1_0: sending SNMP tunnel DOWN trap for Tunnel-1 ike 0:Tunnel-1_0:2504: del route 10.10.10.100/255.255.255.255 oif Tunnel-1_0(86) metric 1 priority 0 ike 0:Tunnel-1_0:Tunnel-1: delete ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:c8f38e19 len=76 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501C8F38E190000004C3CF8B60454C3A7C0DE1536E38A1055D4D783B444A2A71DE09B3DC6C720B76F56B8E75FC3565B2B408603466799CDA8FB ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501C8F38E190000004C0C0000187DA5230FCBE15460FF574B56A214934475168DE10000001000000001030400013F23F0DDCB95A0B8F995DD07 ike 0:Tunnel-1_0:117: recv IPsec SA delete, spi count 1 ike 0:Tunnel-1_0: deleting IPsec SA with SPI 3f23f0dd ike 0:Tunnel-1_0: IPsec SA with SPI 3f23f0dd does not exist ike 0: comes "client public ip ":4500->"firewall wan interface ":4500,ifindex=5.... ike 0: IKEv1 exchange=Informational id=09817d1f6252837e/371439c7ce5b61d9:f0e67ffb len=92 ike 0: in 09817D1F6252837E371439C7CE5B61D908100501F0E67FFB0000005C923E4C4D5B2492B1C386B2D31F42AEFFA9780B293B36202756BD44483E2D5039611CBF1A6916CA8847197857C7EC4A70B2DCF42F0B3A3746CEDB2BB2A2AE4725 ike 0:Tunnel-1_0:117: dec 09817D1F6252837E371439C7CE5B61D908100501F0E67FFB0000005C0C000018D8F38A93C49FA0FEAE1ACBA488095D2AB929AC0C0000001C000000010110000109817D1F6252837E371439C7CE5B61D9A9D3FE9997F0928C92A6840B ike 0:Tunnel-1_0:117: recv ISAKMP SA delete 09817d1f6252837e/371439c7ce5b61d9 ike 0:Tunnel-1_0: deleting ike 0:Tunnel-1_0: flushing ike 0:Tunnel-1_0: sending SNMP tunnel DOWN trap ike 0:Tunnel-1_0: flushed ike 0:Tunnel-1_0: mode-cfg release 10.10.10.100/255.255.255.0 ike 0:Tunnel-1_0: delete dynamic ike 0:Tunnel-1_0: reset NAT-T ike 0:Tunnel-1_0: deleted exit

Thank you

[link]https://forum.fortinet.com/tm.aspx?m=133090[/link]

8486
0 Kudos
NotMine
Contributor II
In response to sims

Created on ‎02-20-2016 12:35 PM

Hello,

From what I can see in the debug output, the tunnel is indeed established. Have you configured the appropriate Firewall policies to allow incoming/outgoing traffic from and thru the VPN tunnel?

 

Cheers,

Slavko

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
8486
0 Kudos
sims
New Contributor III
In response to NotMine

Created on ‎02-20-2016 09:35 PM

Hi

Here is my policy 

Policy Type : Firewall Plicy Subtype : Address

Incoming Interface : Tunnel-1 Source address : Vpn _Client_Address Outgoing Interface : Inside Destination Address :Inside_local (host behind firewall )

Enable Nat: Yes

Thanks

 

8486
0 Kudos
NotMine
Contributor II
In response to sims

Created on ‎02-21-2016 01:08 AM

Hello,

 

Unfortunately, diag debug flow logs you've posted previously are not very helpful, because they do not contain session forming information. All of the traffic is going thru the session formed before the logging was enabled ("Find an existing session....").

 

Could you firs turn on debig flow and then bring up the tunnel?

 

Cheers,

Slavko

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
8486
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.