I am working on a GRE IPsec tunnel with Verizon. We get it to come up enough where info is populated in installed-sa. However, the traffic does not seem to return and we cannot ping the private address on either end
Mikrotik: CCR1036-12G-4S
rOS: 6.19
Here is a sample config Verizon believes would work on my end if I were using a cisco device:
rypto isakmp policy 1
encr aes 256
hash md5
authentication pre-share
group 2
crypto isakmp key VzWmPn01686 address 2.2.2.2
crypto isakmp key VzWmPn01686 address 4.4.4.4
!
crypto ipsec transform-set VZW-TSET esp-aes 256 esp-sha-hmac
mode transport
!
crypto map VZW-MAP 10 ipsec-isakmp
set peer 2.2.2.2
set peer 4.4.4.4
set transform-set VZW-TSET
match address 172
!
!
!
!
interface Tunnel0
ip address 10.98.0.2 255.255.255.252
tunnel source 1.1.1.1
tunnel destination 2.2.2.2
!
interface Tunnel1
ip address 10.98.0.6 255.255.255.252
tunnel source 1.1.1.1
tunnel destination 4.4.4.4
!
interface GigabitEthernet0/0
ip address 1.1.1.1------------------outside interface
duplex auto
speed 100
crypto map VZW-MAP
!
router bgp 65505
no synchronization
bgp log-neighbor-changes
neighbor 10.98.0.1 remote-as 6167
neighbor 10.98.0.1 default-originate
neighbor 10.98.0.5 remote-as 6167
neighbor 10.98.0.5 default-originate
no auto-summary
!
!
access-list 172 permit gre host 1.1.1.1 host 2.2.2.2
access-list 172 permit gre host 1.1.1.1 host 4.4.4.4
Mikrotik Installed-Sa info:
lags: A - AH, E - ESP, P - pfs
0 E spi=0xB3E2DB2 src-address=2.2.2.2:4500
dst-address=1.1.1.1:4500 auth-algorithm=md5 enc-algorithm=aes-cbc
replay=4 state=mature auth-key="xxxxxxxxxxx"
enc-key="xxxxxxxxxxxxxx"
addtime=sep/25/2014 10:49:57 expires-in=23m37s add-lifetime=48m/1h
current-bytes=10464
1 E spi=0xBBE84F0 src-address=1.1.1.1:4500
dst-address=2.2.2.2:4500 auth-algorithm=md5
enc-algorithm=aes-cbc replay=4 state=mature
auth-key="xxxxxxxxxxxxxxxx"
enc-key="xxxxxxxxxxxxxxxx"
add-lifetime=48m/1h
IPsec debug log:
11:22:19 ipsec,debug,packet 01108d28 a6a6589a e720a7b4 d71c856e 87abbe95 00000270 ebcacaf7 d69ab707
11:22:19 ipsec,debug,packet encryption(aes)
11:22:19 ipsec,debug,packet with key:
11:22:19 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:22:19 ipsec,debug,packet encrypted payload by IV:
11:22:19 ipsec,debug,packet 7ca7979d a1efeb74 89cec7e8 7d070ef8
11:22:19 ipsec,debug,packet save IV for next:
11:22:19 ipsec,debug,packet c60fcae4 4bd52f88 200d5b93 68fd559c
11:22:19 ipsec,debug,packet encrypted.
11:22:19 ipsec,debug,packet Adding NON-ESP marker
11:22:19 ipsec,debug,packet 96 bytes from 1.1.1.1[4500] to 2.2.2.2[4500]
11:22:19 ipsec,debug,packet sockname 1.1.1.1[4500]
11:22:19 ipsec,debug,packet send packet from 1.1.1.1[4500]
11:22:19 ipsec,debug,packet send packet to 2.2.2.2[4500]
11:22:19 ipsec,debug,packet src4 1.1.1.1[4500]
11:22:19 ipsec,debug,packet dst4 2.2.2.2[4500]
11:22:19 ipsec,debug,packet 1 times of 96 bytes message will be sent to 2.2.2.2[4500]
11:22:19 ipsec,debug,packet 00000000 a6a6589a e720a7b4 d71c856e 87abbe95 08100501 c459373f 0000005c
11:22:19 ipsec,debug,packet 1b3a8357 1ab9c54b 5282be6e d2c7a6c9 3727efc0 49c5e36e 9dd96d0d 67d19e63
11:22:19 ipsec,debug,packet 82a87130 08cf8e41 8a53c5ea 962863de c60fcae4 4bd52f88 200d5b93 68fd559c
11:22:19 ipsec,debug,packet sendto Information notify.
11:22:19 ipsec,debug,packet DPD R-U-There sent (0)
11:22:19 ipsec,debug,packet rescheduling send_r_u (5).
11:22:19 ipsec,debug,packet ==========
11:22:19 ipsec,debug,packet 92 bytes message received from 2.2.2.2[4500] to 1.1.1.1[4500]
11:22:19 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 60b2bfe9 0000005c 72433117
11:22:19 ipsec,debug,packet c3696590 5397c85e 4df438e1 af59d7ae 5b150f29 4c59fdae 667bf2bc 47007610
11:22:19 ipsec,debug,packet 151aa5d9 af14e6f4 71edf9cd 6a8d4212 67ee8caf 9098ebfd fae6e0e4
11:22:19 ipsec,debug,packet receive Information.
11:22:19 ipsec,debug,packet compute IV for phase2
11:22:19 ipsec,debug,packet phase1 last IV:
11:22:19 ipsec,debug,packet e5446c37 36c39671 39d0ff76 b660bb7c 60b2bfe9
11:22:19 ipsec,debug,packet hash(sha1)
11:22:19 ipsec,debug,packet encryption(aes)
11:22:19 ipsec,debug,packet phase2 IV computed:
11:22:19 ipsec,debug,packet d9f9769f 35ecde0e 9b821cc6 4a2f3ba2
11:22:19 ipsec,debug,packet encryption(aes)
11:22:19 ipsec,debug,packet IV was saved for next processing:
11:22:19 ipsec,debug,packet 6a8d4212 67ee8caf 9098ebfd fae6e0e4
11:22:19 ipsec,debug,packet encryption(aes)
11:22:19 ipsec,debug,packet with key:
11:22:19 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:22:19 ipsec,debug,packet decrypted payload by IV:
11:22:19 ipsec,debug,packet d9f9769f 35ecde0e 9b821cc6 4a2f3ba2
11:22:19 ipsec,debug,packet decrypted payload, but not trimed.
11:22:19 ipsec,debug,packet 0b000018 d206797d 2293ea0d f75ce828 66e13c33 f560dc6b 00000020 00000001
11:22:19 ipsec,debug,packet 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95 00000270 00000000 00000000
11:22:19 ipsec,debug,packet padding len=1
11:22:19 ipsec,debug,packet skip to trim padding.
11:22:19 ipsec,debug,packet decrypted.
11:22:19 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 60b2bfe9 0000005c 0b000018
11:22:19 ipsec,debug,packet d206797d 2293ea0d f75ce828 66e13c33 f560dc6b 00000020 00000001 01108d29
11:22:19 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 00000270 00000000 00000000
11:22:19 ipsec,debug,packet HASH with:
11:22:19 ipsec,debug,packet 60b2bfe9 00000020 00000001 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95
11:22:19 ipsec,debug,packet 00000270
11:22:19 ipsec,debug,packet hmac(hmac_sha1)
11:22:19 ipsec,debug,packet HASH computed:
11:22:19 ipsec,debug,packet d206797d 2293ea0d f75ce828 66e13c33 f560dc6b
11:22:19 ipsec,debug,packet hash validated.
11:22:19 ipsec,debug,packet begin.
11:22:19 ipsec,debug,packet seen nptype=8(hash)
11:22:19 ipsec,debug,packet seen nptype=11(notify)
11:22:19 ipsec,debug,packet succeed.
11:22:19 ipsec,debug,packet DPD R-U-There-Ack received
11:22:19 ipsec,debug,packet received an R-U-THERE-ACK
11:22:19 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 124
11:22:27 ipsec,debug,packet KA: 1.1.1.1[4500]->2.2.2.2[4500]
11:22:27 ipsec,debug,packet sockname 1.1.1.1[4500]
11:22:27 ipsec,debug,packet send packet from 1.1.1.1[4500]
11:22:27 ipsec,debug,packet send packet to 2.2.2.2[4500]
11:22:27 ipsec,debug,packet src4 1.1.1.1[4500]
11:22:27 ipsec,debug,packet dst4 2.2.2.2[4500]
11:22:27 ipsec,debug,packet 1 times of 1 bytes message will be sent to 2.2.2.2[4500]
11:22:27 ipsec,debug,packet ff
11:22:34 ipsec,debug,packet DPD monitoring....
11:22:34 ipsec,debug,packet compute IV for phase2
11:22:34 ipsec,debug,packet phase1 last IV:
11:22:34 ipsec,debug,packet e5446c37 36c39671 39d0ff76 b660bb7c c61f9e66
11:22:34 ipsec,debug,packet hash(sha1)
11:22:34 ipsec,debug,packet encryption(aes)
11:22:34 ipsec,debug,packet phase2 IV computed:
11:22:34 ipsec,debug,packet ba8cc016 5a405dae 62d2433a 8015bee6
11:22:34 ipsec,debug,packet HASH with:
11:22:34 ipsec,debug,packet c61f9e66 00000020 00000001 01108d28 a6a6589a e720a7b4 d71c856e 87abbe95
11:22:34 ipsec,debug,packet 00000271
11:22:34 ipsec,debug,packet hmac(hmac_sha1)
11:22:34 ipsec,debug,packet HASH computed:
11:22:34 ipsec,debug,packet 4505944f 72671c57 aab6a142 a078ed2b 7e569f39
11:22:34 ipsec,debug,packet begin encryption.
11:22:34 ipsec,debug,packet encryption(aes)
11:22:34 ipsec,debug,packet pad length = 8
11:22:34 ipsec,debug,packet 0b000018 4505944f 72671c57 aab6a142 a078ed2b 7e569f39 00000020 00000001
11:22:34 ipsec,debug,packet 01108d28 a6a6589a e720a7b4 d71c856e 87abbe95 00000271 b4c3b58b 9daa8207
11:22:34 ipsec,debug,packet encryption(aes)
11:22:34 ipsec,debug,packet with key:
11:22:34 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:22:34 ipsec,debug,packet encrypted payload by IV:
11:22:34 ipsec,debug,packet ba8cc016 5a405dae 62d2433a 8015bee6
11:22:34 ipsec,debug,packet save IV for next:
11:22:34 ipsec,debug,packet 0dc02949 e823c319 2ba09365 f1b9c498
11:22:34 ipsec,debug,packet encrypted.
11:22:34 ipsec,debug,packet Adding NON-ESP marker
11:22:34 ipsec,debug,packet 96 bytes from 1.1.1.1[4500] to 2.2.2.2[4500]
11:22:34 ipsec,debug,packet sockname 1.1.1.1[4500]
11:22:34 ipsec,debug,packet send packet from 1.1.1.1[4500]
11:22:34 ipsec,debug,packet send packet to 2.2.2.2[4500]
11:22:34 ipsec,debug,packet src4 1.1.1.1[4500]
11:22:34 ipsec,debug,packet dst4 2.2.2.2[4500]
11:22:34 ipsec,debug,packet 1 times of 96 bytes message will be sent to 2.2.2.2[4500]
11:22:34 ipsec,debug,packet 00000000 a6a6589a e720a7b4 d71c856e 87abbe95 08100501 c61f9e66 0000005c
11:22:34 ipsec,debug,packet e20c9e5f 593dac14 cd7a8bb3 1a217ddb 2f2ff16a a1e5fa23 c91ca9bc 10166b58
11:22:34 ipsec,debug,packet 0ea67678 add8007b ab0b7ef4 091ba8a5 0dc02949 e823c319 2ba09365 f1b9c498
11:22:34 ipsec,debug,packet sendto Information notify.
11:22:34 ipsec,debug,packet DPD R-U-There sent (0)
11:22:34 ipsec,debug,packet rescheduling send_r_u (5).
11:22:34 ipsec,debug,packet ==========
11:22:34 ipsec,debug,packet 92 bytes message received from 2.2.2.2[4500] to 1.1.1.1[4500]
11:22:34 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 4b1aede6 0000005c 70f498bf
11:22:34 ipsec,debug,packet 8a89ae68 96bfb07c 75052377 66e9692e 30daf489 748dad27 e65feed2 8bb3114f
11:22:34 ipsec,debug,packet dcc4b3a5 aef80151 f4013289 96bcc67d d2fcf6d8 97e9fda6 6c7a956d
11:22:34 ipsec,debug,packet receive Information.
11:22:34 ipsec,debug,packet compute IV for phase2
11:22:34 ipsec,debug,packet phase1 last IV:
11:22:34 ipsec,debug,packet e5446c37 36c39671 39d0ff76 b660bb7c 4b1aede6
11:22:34 ipsec,debug,packet hash(sha1)
11:22:34 ipsec,debug,packet encryption(aes)
11:22:34 ipsec,debug,packet phase2 IV computed:
11:22:34 ipsec,debug,packet ccebbef3 58ff968a abcf7fd7 7485d840
11:22:34 ipsec,debug,packet encryption(aes)
11:22:34 ipsec,debug,packet IV was saved for next processing:
11:22:34 ipsec,debug,packet 96bcc67d d2fcf6d8 97e9fda6 6c7a956d
11:22:34 ipsec,debug,packet encryption(aes)
11:22:34 ipsec,debug,packet with key:
11:22:34 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:22:34 ipsec,debug,packet decrypted payload by IV:
11:22:34 ipsec,debug,packet ccebbef3 58ff968a abcf7fd7 7485d840
11:22:34 ipsec,debug,packet decrypted payload, but not trimed.
11:22:34 ipsec,debug,packet 0b000018 fd0cf8f2 66db9b0d bb381086 1f440489 2f9d7b9b 00000020 00000001
11:22:34 ipsec,debug,packet 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95 00000271 00000000 00000000
11:22:34 ipsec,debug,packet padding len=1
11:22:34 ipsec,debug,packet skip to trim padding.
11:22:34 ipsec,debug,packet decrypted.
11:22:34 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 4b1aede6 0000005c 0b000018
11:22:34 ipsec,debug,packet fd0cf8f2 66db9b0d bb381086 1f440489 2f9d7b9b 00000020 00000001 01108d29
11:22:34 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 00000271 00000000 00000000
11:22:34 ipsec,debug,packet HASH with:
11:22:34 ipsec,debug,packet 4b1aede6 00000020 00000001 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95
11:22:34 ipsec,debug,packet 00000271
11:22:34 ipsec,debug,packet hmac(hmac_sha1)
11:22:34 ipsec,debug,packet HASH computed:
11:22:34 ipsec,debug,packet fd0cf8f2 66db9b0d bb381086 1f440489 2f9d7b9b
11:22:34 ipsec,debug,packet hash validated.
11:22:34 ipsec,debug,packet begin.
11:22:34 ipsec,debug,packet seen nptype=8(hash)
11:22:34 ipsec,debug,packet seen nptype=11(notify)
11:22:34 ipsec,debug,packet succeed.
11:22:34 ipsec,debug,packet DPD R-U-There-Ack received
11:22:34 ipsec,debug,packet received an R-U-THERE-ACK
11:22:34 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 124
11:22:45 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 128
11:22:45 firewall,info input: in:ether5 out:(none), proto 47, 2.2.2.2->1.1.1.1, len 68
11:22:47 ipsec,debug,packet KA: 1.1.1.1[4500]->2.2.2.2[4500]
11:22:47 ipsec,debug,packet sockname 1.1.1.1[4500]
11:22:47 ipsec,debug,packet send packet from 1.1.1.1[4500]
11:22:47 ipsec,debug,packet send packet to 2.2.2.2[4500]
11:22:47 ipsec,debug,packet src4 1.1.1.1[4500]
11:22:47 ipsec,debug,packet dst4 2.2.2.2[4500]
11:22:47 ipsec,debug,packet 1 times of 1 bytes message will be sent to 2.2.2.2[4500]
11:22:47 ipsec,debug,packet ff
11:22:47 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 128
11:22:47 firewall,info input: in:ether5 out:(none), proto 47, 2.2.2.2->1.1.1.1, len 68
11:22:49 ipsec,debug,packet DPD monitoring....
11:22:49 ipsec,debug,packet compute IV for phase2
11:22:49 ipsec,debug,packet phase1 last IV:
11:22:49 ipsec,debug,packet e5446c37 36c39671 39d0ff76 b660bb7c 9655bcdf
11:22:49 ipsec,debug,packet hash(sha1)
11:22:49 ipsec,debug,packet encryption(aes)
11:22:49 ipsec,debug,packet phase2 IV computed:
11:22:49 ipsec,debug,packet a0c67ef0 64727165 e9904dbe 6a3b0a80
11:22:49 ipsec,debug,packet HASH with:
11:22:49 ipsec,debug,packet 9655bcdf 00000020 00000001 01108d28 a6a6589a e720a7b4 d71c856e 87abbe95
11:22:49 ipsec,debug,packet 00000272
11:22:49 ipsec,debug,packet hmac(hmac_sha1)
11:22:49 ipsec,debug,packet HASH computed:
11:22:49 ipsec,debug,packet 41f49990 908f2103 699bc758 40887676 3af6744d
11:22:49 ipsec,debug,packet begin encryption.
11:22:49 ipsec,debug,packet encryption(aes)
11:22:49 ipsec,debug,packet pad length = 8
11:22:49 ipsec,debug,packet 0b000018 41f49990 908f2103 699bc758 40887676 3af6744d 00000020 00000001
11:22:49 ipsec,debug,packet 01108d28 a6a6589a e720a7b4 d71c856e 87abbe95 00000272 ceff85a4 be8ff007
11:22:49 ipsec,debug,packet encryption(aes)
11:22:49 ipsec,debug,packet with key:
11:22:49 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:22:49 ipsec,debug,packet encrypted payload by IV:
11:22:49 ipsec,debug,packet a0c67ef0 64727165 e9904dbe 6a3b0a80
11:22:49 ipsec,debug,packet save IV for next:
11:22:49 ipsec,debug,packet 5062c7d7 9b3081a3 700f64cf ca72eb43
11:22:49 ipsec,debug,packet encrypted.
11:22:49 ipsec,debug,packet Adding NON-ESP marker
11:22:49 ipsec,debug,packet 96 bytes from 1.1.1.1[4500] to 2.2.2.2[4500]
11:22:49 ipsec,debug,packet sockname 1.1.1.1[4500]
11:22:49 ipsec,debug,packet send packet from 1.1.1.1[4500]
11:22:49 ipsec,debug,packet send packet to 2.2.2.2[4500]
11:22:49 ipsec,debug,packet src4 1.1.1.1[4500]
11:22:49 ipsec,debug,packet dst4 2.2.2.2[4500]
11:22:49 ipsec,debug,packet 1 times of 96 bytes message will be sent to 2.2.2.2[4500]
11:22:49 ipsec,debug,packet 00000000 a6a6589a e720a7b4 d71c856e 87abbe95 08100501 9655bcdf 0000005c
11:22:49 ipsec,debug,packet a0c76fea 1d0884d5 e1cbcace 5db621f9 8adcb78e 1867298a d238e22f bd3a0b41
11:22:49 ipsec,debug,packet 1d413a8c e2c4eeec ded832fd 7bb0c4f7 5062c7d7 9b3081a3 700f64cf ca72eb43
11:22:49 ipsec,debug,packet sendto Information notify.
11:22:49 ipsec,debug,packet DPD R-U-There sent (0)
11:22:49 ipsec,debug,packet rescheduling send_r_u (5).
11:22:49 ipsec,debug,packet ==========
11:22:49 ipsec,debug,packet 92 bytes message received from 2.2.2.2[4500] to 1.1.1.1[4500]
11:22:49 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 14eed48b 0000005c ef8238c0
11:22:49 ipsec,debug,packet ba276b6c 0414a2e1 83423a4a c1a82cdc 10f2fcff d99a0aa5 e6c1a87b 44b4017e
11:22:49 ipsec,debug,packet eea33305 fb70ed88 b2f9ba7d 9e80c5f7 3bc78aaa c9d33a63 c2f8a922
11:22:49 ipsec,debug,packet receive Information.
11:22:49 ipsec,debug,packet compute IV for phase2
11:22:49 ipsec,debug,packet phase1 last IV:
11:22:49 ipsec,debug,packet e5446c37 36c39671 39d0ff76 b660bb7c 14eed48b
11:22:49 ipsec,debug,packet hash(sha1)
11:22:49 ipsec,debug,packet encryption(aes)
11:22:49 ipsec,debug,packet phase2 IV computed:
11:22:49 ipsec,debug,packet 3d6a1c36 6f800601 69e9f6b7 1bca0c61
11:22:49 ipsec,debug,packet encryption(aes)
11:22:49 ipsec,debug,packet IV was saved for next processing:
11:22:49 ipsec,debug,packet 9e80c5f7 3bc78aaa c9d33a63 c2f8a922
11:22:49 ipsec,debug,packet encryption(aes)
11:22:49 ipsec,debug,packet with key:
11:22:49 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:22:49 ipsec,debug,packet decrypted payload by IV:
11:22:49 ipsec,debug,packet 3d6a1c36 6f800601 69e9f6b7 1bca0c61
11:22:49 ipsec,debug,packet decrypted payload, but not trimed.
11:22:49 ipsec,debug,packet 0b000018 b24c86bc 04a421b9 b0e2ac7e 871aea1d 3a9a7d98 00000020 00000001
11:22:49 ipsec,debug,packet 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95 00000272 00000000 00000000
11:22:49 ipsec,debug,packet padding len=1
11:22:49 ipsec,debug,packet skip to trim padding.
11:22:49 ipsec,debug,packet decrypted.
11:22:49 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 14eed48b 0000005c 0b000018
11:22:49 ipsec,debug,packet b24c86bc 04a421b9 b0e2ac7e 871aea1d 3a9a7d98 00000020 00000001 01108d29
11:22:49 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 00000272 00000000 00000000
11:22:49 ipsec,debug,packet HASH with:
11:22:49 ipsec,debug,packet 14eed48b 00000020 00000001 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95
11:22:49 ipsec,debug,packet 00000272
11:22:49 ipsec,debug,packet hmac(hmac_sha1)
11:22:49 ipsec,debug,packet HASH computed:
11:22:49 ipsec,debug,packet b24c86bc 04a421b9 b0e2ac7e 871aea1d 3a9a7d98
11:22:49 ipsec,debug,packet hash validated.
11:22:49 ipsec,debug,packet begin.
11:22:49 ipsec,debug,packet seen nptype=8(hash)
11:22:49 ipsec,debug,packet seen nptype=11(notify)
11:22:49 ipsec,debug,packet succeed.
11:22:49 ipsec,debug,packet DPD R-U-There-Ack received
11:22:49 ipsec,debug,packet received an R-U-THERE-ACK
11:22:49 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 124
11:22:51 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 128
11:22:51 firewall,info input: in:ether5 out:(none), proto 47, 2.2.2.2->1.1.1.1, len 68
11:22:59 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 128
11:22:59 firewall,info input: in:ether5 out:(none), proto 47, 2.2.2.2->1.1.1.1, len 68
11:23:04 ipsec,debug,packet DPD monitoring....
11:23:04 ipsec,debug,packet compute IV for phase2
11:23:04 ipsec,debug,packet phase1 last IV:
11:23:04 ipsec,debug,packet e5446c37 36c39671 39d0ff76 b660bb7c c00c88f9
11:23:04 ipsec,debug,packet hash(sha1)
11:23:04 ipsec,debug,packet encryption(aes)
11:23:04 ipsec,debug,packet phase2 IV computed:
11:23:04 ipsec,debug,packet bffb9cb4 8b11d339 3461a7f6 508b7d1b
11:23:04 ipsec,debug,packet HASH with:
11:23:04 ipsec,debug,packet c00c88f9 00000020 00000001 01108d28 a6a6589a e720a7b4 d71c856e 87abbe95
11:23:04 ipsec,debug,packet 00000273
11:23:04 ipsec,debug,packet hmac(hmac_sha1)
11:23:04 ipsec,debug,packet HASH computed:
11:23:04 ipsec,debug,packet 5ce5f867 3a642ef3 2e713be3 f867fb09 b06e760f
11:23:04 ipsec,debug,packet begin encryption.
11:23:04 ipsec,debug,packet encryption(aes)
11:23:04 ipsec,debug,packet pad length = 8
11:23:04 ipsec,debug,packet 0b000018 5ce5f867 3a642ef3 2e713be3 f867fb09 b06e760f 00000020 00000001
11:23:04 ipsec,debug,packet 01108d28 a6a6589a e720a7b4 d71c856e 87abbe95 00000273 fbc6f6a0 b2b39a07
11:23:04 ipsec,debug,packet encryption(aes)
11:23:04 ipsec,debug,packet with key:
11:23:04 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:23:04 ipsec,debug,packet encrypted payload by IV:
11:23:04 ipsec,debug,packet bffb9cb4 8b11d339 3461a7f6 508b7d1b
11:23:04 ipsec,debug,packet save IV for next:
11:23:04 ipsec,debug,packet b7d90d7c cf7dc9e9 3a1dc790 86e322ed
11:23:04 ipsec,debug,packet encrypted.
11:23:04 ipsec,debug,packet Adding NON-ESP marker
11:23:04 ipsec,debug,packet 96 bytes from 1.1.1.1[4500] to 2.2.2.2[4500]
11:23:04 ipsec,debug,packet sockname 1.1.1.1[4500]
11:23:04 ipsec,debug,packet send packet from 1.1.1.1[4500]
11:23:04 ipsec,debug,packet send packet to 2.2.2.2[4500]
11:23:04 ipsec,debug,packet src4 1.1.1.1[4500]
11:23:04 ipsec,debug,packet dst4 2.2.2.2[4500]
11:23:04 ipsec,debug,packet 1 times of 96 bytes message will be sent to 2.2.2.2[4500]
11:23:04 ipsec,debug,packet 00000000 a6a6589a e720a7b4 d71c856e 87abbe95 08100501 c00c88f9 0000005c
11:23:04 ipsec,debug,packet 61129290 20df3cf1 ada6a7bc c2687919 a5f1fdfb 0b637fa9 7a3767af bed73124
11:23:04 ipsec,debug,packet d331a1cb 78a05ea7 a6c04470 6993a4d0 b7d90d7c cf7dc9e9 3a1dc790 86e322ed
11:23:04 ipsec,debug,packet sendto Information notify.
11:23:04 ipsec,debug,packet DPD R-U-There sent (0)
11:23:04 ipsec,debug,packet rescheduling send_r_u (5).
11:23:04 ipsec,debug,packet ==========
11:23:04 ipsec,debug,packet 92 bytes message received from 2.2.2.2[4500] to 1.1.1.1[4500]
11:23:04 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 8962acc8 0000005c 29407896
11:23:04 ipsec,debug,packet 600eb06f 1a9b0002 c65313db 6f180364 ef4cb541 57a4d43e def5b8df 87c14da0
11:23:04 ipsec,debug,packet 22f870a1 70aa5c99 88cdfd82 da550ade c3179450 252e01db 3486993c
11:23:04 ipsec,debug,packet receive Information.
11:23:04 ipsec,debug,packet compute IV for phase2
11:23:04 ipsec,debug,packet phase1 last IV:
11:23:04 ipsec,debug,packet e5446c37 36c39671 39d0ff76 b660bb7c 8962acc8
11:23:04 ipsec,debug,packet hash(sha1)
11:23:04 ipsec,debug,packet encryption(aes)
11:23:04 ipsec,debug,packet phase2 IV computed:
11:23:04 ipsec,debug,packet 5acf7de8 4013e923 59be8678 cc80e3ef
11:23:04 ipsec,debug,packet encryption(aes)
11:23:04 ipsec,debug,packet IV was saved for next processing:
11:23:04 ipsec,debug,packet da550ade c3179450 252e01db 3486993c
11:23:04 ipsec,debug,packet encryption(aes)
11:23:04 ipsec,debug,packet with key:
11:23:04 ipsec,debug,packet 61892ad1 3a9ce904 4c7b64f8 c566b22d 11ac3ce0 319d6e9d d6c7196b dcc06803
11:23:04 ipsec,debug,packet decrypted payload by IV:
11:23:04 ipsec,debug,packet 5acf7de8 4013e923 59be8678 cc80e3ef
11:23:04 ipsec,debug,packet decrypted payload, but not trimed.
11:23:04 ipsec,debug,packet 0b000018 6f7c36bc 1235bc31 b18fc129 bce0d1ba 798226d3 00000020 00000001
11:23:04 ipsec,debug,packet 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95 00000273 00000000 00000000
11:23:04 ipsec,debug,packet padding len=1
11:23:04 ipsec,debug,packet skip to trim padding.
11:23:04 ipsec,debug,packet decrypted.
11:23:04 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 08100501 8962acc8 0000005c 0b000018
11:23:04 ipsec,debug,packet 6f7c36bc 1235bc31 b18fc129 bce0d1ba 798226d3 00000020 00000001 01108d29
11:23:04 ipsec,debug,packet a6a6589a e720a7b4 d71c856e 87abbe95 00000273 00000000 00000000
11:23:04 ipsec,debug,packet HASH with:
11:23:04 ipsec,debug,packet 8962acc8 00000020 00000001 01108d29 a6a6589a e720a7b4 d71c856e 87abbe95
11:23:04 ipsec,debug,packet 00000273
11:23:04 ipsec,debug,packet hmac(hmac_sha1)
11:23:04 ipsec,debug,packet HASH computed:
11:23:04 ipsec,debug,packet 6f7c36bc 1235bc31 b18fc129 bce0d1ba 798226d3
11:23:04 ipsec,debug,packet hash validated.
11:23:04 ipsec,debug,packet begin.
11:23:04 ipsec,debug,packet seen nptype=8(hash)
11:23:04 ipsec,debug,packet seen nptype=11(notify)
11:23:04 ipsec,debug,packet succeed.
11:23:04 ipsec,debug,packet DPD R-U-There-Ack received
11:23:04 ipsec,debug,packet received an R-U-THERE-ACK
11:23:05 firewall,info input: in:ether5 out:(none), src-mac 00:1c:2e:9c:5a:c0, proto UDP, 2.2.2.2:4500->1.1.1.1:4500, len 124
11:23:07 ipsec,debug,packet KA: 1.1.1.1[4500]->2.2.2.2[4500]
11:23:07 ipsec,debug,packet sockname 1.1.1.1[4500]
11:23:07 ipsec,debug,packet send packet from 1.1.1.1[4500]
11:23:07 ipsec,debug,packet send packet to 2.2.2.2[4500]
11:23:07 ipsec,debug,packet src4 1.1.1.1[4500]
11:23:07 ipsec,debug,packet dst4 2.2.2.2[4500]
11:23:07 ipsec,debug,packet 1 times of 1 bytes message will be sent to 2.2.2.2[4500]
11:23:07 ipsec,debug,packet ff