Change IPsec proposal to use md5 with aes. It should boost performance significantly. Default sha1 with 3des is very slow on these devices.
Getting errors about DH group? Is this a bug??? Only working for me on ds3 right now
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:47 ipsec,debug ip: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
May/28/2013 14:15:47 ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
May/28/2013 14:15:47 ipsec,debug ip: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:47 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:47 ipsec,debug ip: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
May/28/2013 14:15:47 ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = MD5:SHA
May/28/2013 14:15:47 ipsec,debug ip: no suitable proposal found.
May/28/2013 14:15:47 ipsec,debug ip: failed to get valid proposal.
May/28/2013 14:15:49 ipsec,debug,packet ip: ==========
May/28/2013 14:15:49 ipsec,debug,packet ip: 384 bytes message received from 10.0.1.9[500] to 10.0.1.1[500]
May/28/2013 14:15:49 ipsec,debug,packet ip: begin.
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=1(sa)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=13(vid)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=13(vid)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=13(vid)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=13(vid)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=13(vid)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=13(vid)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=13(vid)
May/28/2013 14:15:49 ipsec,debug,packet ip: succeed.
May/28/2013 14:15:49 ipsec,debug ip: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
May/28/2013 14:15:49 ipsec,debug ip: received Vendor ID: RFC 3947
May/28/2013 14:15:49 ipsec,debug ip: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
May/28/2013 14:15:49 ipsec,debug ip:
May/28/2013 14:15:49 ipsec,debug ip: received Vendor ID: FRAGMENTATION
May/28/2013 14:15:49 ipsec,debug,packet ip: received unknown Vendor ID
May/28/2013 14:15:49 ipsec,debug,packet ip: received unknown Vendor ID
May/28/2013 14:15:49 ipsec,debug,packet ip: received unknown Vendor ID
May/28/2013 14:15:49 ipsec,debug ip: Selected NAT-T version: RFC 3947
May/28/2013 14:15:49 ipsec,debug,packet ip: total SA len=208
May/28/2013 14:15:49 ipsec,debug,packet ip: begin.
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=2(prop)
May/28/2013 14:15:49 ipsec,debug,packet ip: succeed.
May/28/2013 14:15:49 ipsec,debug,packet ip: proposal #1 len=200
May/28/2013 14:15:49 ipsec,debug,packet ip: begin.
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=3(trns)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=3(trns)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=3(trns)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=3(trns)
May/28/2013 14:15:49 ipsec,debug,packet ip: seen nptype=3(trns)
May/28/2013 14:15:49 ipsec,debug,packet ip: succeed.
May/28/2013 14:15:49 ipsec,debug,packet ip: transform #1 len=40
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: encryption(aes)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Key Length, flag=0x8000, lorv=256
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: hash(sha1)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=20
May/28/2013 14:15:49 ipsec,debug ip: invalid DH group 20.
May/28/2013 14:15:49 ipsec,debug,packet ip: transform #2 len=40
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: encryption(aes)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Key Length, flag=0x8000, lorv=128
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: hash(sha1)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=19
May/28/2013 14:15:49 ipsec,debug ip: invalid DH group 19.
May/28/2013 14:15:49 ipsec,debug,packet ip: transform #3 len=40
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: encryption(aes)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Key Length, flag=0x8000, lorv=256
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: hash(sha1)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: hmac(modp2048)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug,packet ip: transform #4 len=36
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: encryption(3des)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: hash(sha1)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: hmac(modp2048)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug,packet ip: transform #5 len=36
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: encryption(3des)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: hash(sha1)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: hmac(modp1024)
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug,packet ip: pair 1:
May/28/2013 14:15:49 ipsec,debug,packet ip: 0x490688: next=(nil) tnext=0x4906a0
May/28/2013 14:15:49 ipsec,debug,packet ip: 0x4906a0: next=(nil) tnext=0x4906b8
May/28/2013 14:15:49 ipsec,debug,packet ip: 0x4906b8: next=(nil) tnext=(nil)
May/28/2013 14:15:49 ipsec,debug,packet ip: proposal #1: 3 transform
May/28/2013 14:15:49 ipsec,debug,packet ip: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
May/28/2013 14:15:49 ipsec,debug,packet ip: trns#=3, trns-id=IKE
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Key Length, flag=0x8000, lorv=256
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug,packet ip: Compared: DB:Peer
May/28/2013 14:15:49 ipsec,debug,packet ip: (lifetime = 86400:28800)
May/28/2013 14:15:49 ipsec,debug,packet ip: (lifebyte = 0:0)
May/28/2013 14:15:49 ipsec,debug,packet ip: enctype = AES-CBC:AES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: (encklen = 128:256)
May/28/2013 14:15:49 ipsec,debug,packet ip: hashtype = MD5:SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: authmethod = pre-shared key:pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: dh_group = 1024-bit MODP group:2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
May/28/2013 14:15:49 ipsec,debug,packet ip: trns#=4, trns-id=IKE
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug,packet ip: Compared: DB:Peer
May/28/2013 14:15:49 ipsec,debug,packet ip: (lifetime = 86400:28800)
May/28/2013 14:15:49 ipsec,debug,packet ip: (lifebyte = 0:0)
May/28/2013 14:15:49 ipsec,debug,packet ip: enctype = AES-CBC:3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: (encklen = 128:0)
May/28/2013 14:15:49 ipsec,debug,packet ip: hashtype = MD5:SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: authmethod = pre-shared key:pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: dh_group = 1024-bit MODP group:2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
May/28/2013 14:15:49 ipsec,debug,packet ip: trns#=5, trns-id=IKE
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug,packet ip: Compared: DB:Peer
May/28/2013 14:15:49 ipsec,debug,packet ip: (lifetime = 86400:28800)
May/28/2013 14:15:49 ipsec,debug,packet ip: (lifebyte = 0:0)
May/28/2013 14:15:49 ipsec,debug,packet ip: enctype = AES-CBC:3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: (encklen = 128:0)
May/28/2013 14:15:49 ipsec,debug,packet ip: hashtype = MD5:SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: authmethod = pre-shared key:pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: dh_group = 1024-bit MODP group:1024-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Key Length, flag=0x8000, lorv=256
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
May/28/2013 14:15:49 ipsec,debug ip: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug ip: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
May/28/2013 14:15:49 ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
May/28/2013 14:15:49 ipsec,debug ip: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Hash Algorithm, flag=0x8000, lorv=SHA
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Authentication Method, flag=0x8000, lorv=pre-shared key
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Type, flag=0x8000, lorv=seconds
May/28/2013 14:15:49 ipsec,debug,packet ip: type=Life Duration, flag=0x0000, lorv=4
May/28/2013 14:15:49 ipsec,debug ip: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
May/28/2013 14:15:49 ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = MD5:SHA
May/28/2013 14:15:49 ipsec,debug ip: no suitable proposal found.
May/28/2013 14:15:49 ipsec,debug ip: failed to get valid proposal.
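
One way to read the rejection lines in the log above, as an added example that is not part of the original posts: the script groups each `rejected` line by peer transform and reports which attribute fails against every transform that reached comparison. The sample lines are excerpted from the log with timestamps dropped, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines excerpted from the log above (timestamps dropped for brevity).
SAMPLE_LOG = """\
ipsec,debug ip: invalid DH group 20.
ipsec,debug ip: invalid DH group 19.
ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#3) = MD5:SHA
ipsec,debug ip: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#3) = 1024-bit MODP group:2048-bit MODP group
ipsec,debug ip: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = AES-CBC:3DES-CBC
ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#4) = MD5:SHA
ipsec,debug ip: rejected dh_group: DB(prop#1:trns#1):Peer(prop#1:trns#4) = 1024-bit MODP group:2048-bit MODP group
ipsec,debug ip: rejected enctype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = AES-CBC:3DES-CBC
ipsec,debug ip: rejected hashtype: DB(prop#1:trns#1):Peer(prop#1:trns#5) = MD5:SHA
"""

# "DB" is the locally configured proposal, "Peer" is what the remote side offered.
REJECTED = re.compile(
    r"rejected (\w+): DB\(prop#\d+:trns#\d+\):Peer\(prop#\d+:trns#(\d+)\) = (.+)$")
BAD_GROUP = re.compile(r"invalid DH group (\d+)\.")

def summarize(log_text):
    """Return ({peer_trns: {attr: (local, peer)}}, [DH groups flagged invalid])."""
    mismatches = defaultdict(dict)
    unsupported = []
    for line in log_text.splitlines():
        m = REJECTED.search(line)
        if m:
            attr, peer_trns, values = m.groups()
            local, peer = values.strip().split(":", 1)
            mismatches[int(peer_trns)][attr] = (local, peer)
            continue
        m = BAD_GROUP.search(line)
        if m:
            unsupported.append(int(m.group(1)))
    return dict(mismatches), unsupported

def blocking_everywhere(mismatches):
    """Attributes rejected against every peer transform that was compared."""
    sets = [set(attrs) for attrs in mismatches.values()]
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    found, bad_groups = summarize(SAMPLE_LOG)
    for trns, attrs in sorted(found.items()):
        print(f"peer transform #{trns}:", attrs)
    print("DH groups flagged invalid:", bad_groups)
    print("rejected against every transform:", blocking_everywhere(found))
```

On these lines it reports `hashtype` (local MD5 against peer SHA) as the only attribute rejected against transforms 3, 4 and 5, and DH groups 20 and 19 as flagged invalid before comparison.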