forum.opennet.ru

Составление сообщения

Исходное сообщение

"Проблема с IpSec тунелем"
Отправлено Fiser, 23-Авг-06 08:38

И вот еще че пишит
Aug 23 04:31:34.675: ISAKMP (0:0): received packet from 87.103.179.117 dport 500
sport 500 Global (N) NEW SA
Aug 23 04:31:34.675: ISAKMP: Created a peer struct for 87.103.179.117, peer port
500
Aug 23 04:31:34.675: ISAKMP: Locking peer struct 0x81DE746C, IKE refcount 1 for
crypto_isakmp_process_block
Aug 23 04:31:34.679: ISAKMP: local port 500, remote port 500
Aug 23 04:31:34.679: insert sa successfully sa = 81D9AAE0
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0):Old State = IKE_READY  New State = IKE_R
_MM1
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing vendor id payload
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245
mismatch
Aug 23 04:31:34.679: ISAKMP (0:0): vendor ID is NAT-T v7
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing vendor id payload
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 157
mismatch
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v3
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing vendor id payload
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123
mismatch
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2
Aug 23 04:31:34.679: ISAKMP: Looking for a matching key for 87.103.179.117 in de
fault : success
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 87.10
3.179.117
Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): local preshared key found
Aug 23 04:31:34.683: ISAKMP : Scanning profiles for xauth ...
Aug 23 04:31:34.683: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against prio
rity 10 policy
Aug 23 04:31:34.683: ISAKMP:      encryption 3DES-CBC
Aug 23 04:31:34.683: ISAKMP:      hash SHA
Aug 23 04:31:34.683: ISAKMP:      default group 2
Aug 23 04:31:34.683: ISAKMP:      auth pre-share
Aug 23 04:31:34.683: ISAKMP:      life type in seconds
Aug 23 04:31:34.683: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
Aug 23 04:31:34.683: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): processing vendor id payload
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 245
mismatch
Aug 23 04:31:34.715: ISAKMP (0:268435457): vendor ID is NAT-T v7
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): processing vendor id payload
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 157
mismatch
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v3
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): processing vendor id payload
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 123
mismatch
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MA
IN_MODE
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM1  New State = IKE_R_
MM1
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): constructed NAT-T vendor-07 ID
Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port
500 peer_port 500 (R) MM_SA_SETUP
Aug 23 04:31:34.719: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_CO
MPLETE
Aug 23 04:31:34.719: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM1  New State = IKE_R_
MM2
Aug 23 04:31:34.839: ISAKMP (0:268435457): received packet from 87.103.179.117 d
port 500 sport 500 Global (R) MM_SA_SETUP
Aug 23 04:31:34.839: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Aug 23 04:31:34.839: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM2  New State = IKE_R_
MM3
Aug 23 04:31:34.839: ISAKMP:(0:1:HW:2): processing KE payload. message ID = 0
Aug 23 04:31:34.867: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = 0
Aug 23 04:31:34.871: ISAKMP: Looking for a matching key for 87.103.179.117 in de
fault : success
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):found peer pre-shared key matching 87.103
.179.117
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):SKEYID state generated
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): processing vendor id payload
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): vendor ID is Unity
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): processing vendor id payload
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): vendor ID is DPD
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): processing vendor id payload
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): speaking to another IOS box!
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MA
IN_MODE
Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM3  New State = IKE_R_
MM3
Aug 23 04:31:34.875: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port
500 peer_port 500 (R) MM_KEY_EXCH
Aug 23 04:31:34.875: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_CO
MPLETE
Aug 23 04:31:34.875: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM3  New State = IKE_R_
MM4
Aug 23 04:31:34.995: ISAKMP (0:268435457): received packet from 87.103.179.117 d
port 500 sport 500 Global (R) MM_KEY_EXCH
Aug 23 04:31:34.995: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Aug 23 04:31:34.995: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM4  New State = IKE_R_
MM5
Aug 23 04:31:34.995: ISAKMP:(0:1:HW:2): processing ID payload. message ID = 0
Aug 23 04:31:34.999: ISAKMP (0:268435457): ID payload
        next-payload : 8
        type         : 1
        address      : 87.103.179.117
        protocol     : 17
        port         : 500
        length       : 12
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):: peer matches *none* of the profiles
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = 0
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2): processing NOTIFY INITIAL_CONTACT protoc
ol 1
        spi 0, message ID = 0, sa = 81D9AAE0
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):SA authentication status:
        authenticated
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2): Process initial contact,
bring down existing phase 1 and 2 SA's with local 87.103.179.178 remote 87.103.1
79.117 remote port 500
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):SA authentication status:
        authenticated
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):SA has been authenticated with 87.103.179
.117
Aug 23 04:31:34.999: ISAKMP: Trying to insert a peer 87.103.179.178/87.103.179.1
17/500/,  and inserted successfully 81DE746C.
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MA
IN_MODE
Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM5  New State = IKE_R_
MM5
Aug 23 04:31:34.999: IPSEC(key_engine): got a queue event with 1 kei messages
Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2):SA is doing pre-shared key authentication
using id type ID_IPV4_ADDR
Aug 23 04:31:35.003: ISAKMP (0:268435457): ID payload
        next-payload : 8
        type         : 1
        address      : 87.103.179.178
        protocol     : 17
        port         : 500
        length       : 12
Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2):Total payload length: 12
Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port
500 peer_port 500 (R) MM_KEY_EXCH
Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_CO
MPLETE
Aug 23 04:31:35.007: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM5  New State = IKE_P1
_COMPLETE
Aug 23 04:31:35.007: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COM
PLETE
Aug 23 04:31:35.007: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE  New State =
IKE_P1_COMPLETE
Aug 23 04:31:35.095: ISAKMP (0:268435457): received packet from 87.103.179.117 d
port 500 sport 500 Global (R) QM_IDLE
Aug 23 04:31:35.095: ISAKMP: set new node -825314852 to QM_IDLE
Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = -8
25314852
Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2): processing SA payload. message ID = -825
314852
Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2):Checking IPSec proposal 1
Aug 23 04:31:35.099: ISAKMP: transform 1, ESP_3DES
Aug 23 04:31:35.099: ISAKMP:   attributes in transform:
Aug 23 04:31:35.099: ISAKMP:      encaps is 1 (Tunnel)
Aug 23 04:31:35.099: ISAKMP:      SA life type in seconds
Aug 23 04:31:35.099: ISAKMP:      SA life duration (basic) of 3600
Aug 23 04:31:35.099: ISAKMP:      SA life type in kilobytes
Aug 23 04:31:35.099: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
Aug 23 04:31:35.099: ISAKMP:      authenticator is HMAC-SHA
Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2):atts are acceptable.
Aug 23 04:31:35.099: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 87.103.179.178, remote= 87.103.179.117,
    local_proxy= 172.16.19.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 172.16.29.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2
Aug 23 04:31:35.099: Crypto mapdb : proxy_match
        src addr     : 172.16.19.0
        dst addr     : 172.16.29.0
        protocol     : 0
        src port     : 0
        dst port     : 0
Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = -
825314852
Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): processing ID payload. message ID = -825
314852
Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): processing ID payload. message ID = -825
314852
Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): asking for 1 spis from ipsec
Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2):Node -825314852, Input = IKE_MESG_FROM_PE
ER, IKE_QM_EXCH
Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2):Old State = IKE_QM_READY  New State = IKE
_QM_SPI_STARVE
Aug 23 04:31:35.103: IPSEC(key_engine): got a queue event with 1 kei messages
Aug 23 04:31:35.103: IPSEC(spi_response): getting spi 4141340935 for SA
        from 87.103.179.178 to 87.103.179.117 for prot 3
Aug 23 04:31:35.107: ISAKMP: received ke message (2/1)
Aug 23 04:31:35.107: ISAKMP: Locking peer struct 0x81DE746C, IPSEC refcount 1 fo
r for stuff_ke
Aug 23 04:31:35.107: ISAKMP:(0:1:HW:2): Creating IPSec SAs
Aug 23 04:31:35.107:         inbound SA from 87.103.179.117 to 87.103.179.178 (f
/i)  0/ 0
        (proxy 172.16.29.0 to 172.16.19.0)
Aug 23 04:31:35.107:         has spi 0xF6D7D907 and conn_id 0 and flags 2
Aug 23 04:31:35.107:         lifetime of 3600 seconds
Aug 23 04:31:35.107:         lifetime of 4608000 kilobytes
Aug 23 04:31:35.111:         has client flags 0x0
Aug 23 04:31:35.111:         outbound SA from 87.103.179.178 to 87.103.179.117 (
f/i) 0/0
        (proxy 172.16.19.0 to 172.16.29.0)
Aug 23 04:31:35.111:         has spi 61249941 and conn_id 0 and flags A
Aug 23 04:31:35.111:         lifetime of 3600 seconds
Aug 23 04:31:35.111:         lifetime of 4608000 kilobytes
Aug 23 04:31:35.111:         has client flags 0x0
Aug 23 04:31:35.111: IPSEC(key_engine): got a queue event with 2 kei messages
Aug 23 04:31:35.111: IPSEC(initialize_sas): ,
  (key eng. msg.) INBOUND local= 87.103.179.178, remote= 87.103.179.117,
    local_proxy= 172.16.19.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 172.16.29.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0xF6D7D907(4141340935), conn_id= 0, keysize= 0, flags= 0x2
Aug 23 04:31:35.111: IPSEC(initialize_sas): ,
  (key eng. msg.) OUTBOUND local= 87.103.179.178, remote= 87.103.179.117,
    local_proxy= 172.16.19.0/255.255.255.0/0/0 (type=4),
    remote_proxy= 172.16.29.0/255.255.255.0/0/0 (type=4),
    protocol= ESP, transform= esp-3des esp-sha-hmac  (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0x3A69995(61249941), conn_id= 0, keysize= 0, flags= 0xA
Aug 23 04:31:35.111: Crypto mapdb : proxy_match
        src addr     : 172.16.19.0
        dst addr     : 172.16.29.0
        protocol     : 0
        src port     : 0
        dst port     : 0
Aug 23 04:31:35.111: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with t
he same proxies and 130.87.2.12
Aug 23 04:31:35.111: IPSec: Flow_switching Allocated flow for sibling 80000002
Aug 23 04:31:35.115: IPSEC(policy_db_add_ident): src 172.16.19.0, dest 172.16.29
.0, dest_port 0
Aug 23 04:31:35.115: IPSEC(create_sa): sa created,
  (sa) sa_dest= 87.103.179.178, sa_proto= 50,
    sa_spi= 0xF6D7D907(4141340935),
    sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001
Aug 23 04:31:35.115: IPSEC(create_sa): sa created,
  (sa) sa_dest= 87.103.179.117, sa_proto= 50,
    sa_spi= 0x3A69995(61249941),
    sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2002
Aug 23 04:31:35.115: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port
500 peer_port 500 (R) QM_IDLE
Aug 23 04:31:35.115: ISAKMP:(0:1:HW:2):Node -825314852, Input = IKE_MESG_FROM_IP
SEC, IKE_SPI_REPLY
Aug 23 04:31:35.115: ISAKMP:(0:1:HW:2):Old State = IKE_QM_SPI_STARVE  New State
= IKE_QM_R_QM2
Aug 23 04:31:35.211: ISAKMP (0:268435457): received packet from 87.103.179.117 d
port 500 sport 500 Global (R) QM_IDLE
Aug 23 04:31:35.215: ISAKMP:(0:1:HW:2):deleting node -825314852 error FALSE reas
on "QM done (await)"
Aug 23 04:31:35.215: ISAKMP:(0:1:HW:2):Node -825314852, Input = IKE_MESG_FROM_PE
ER, IKE_QM_EXCH
Aug 23 04:31:35.215: ISAKMP:(0:1:HW:2):Old State = IKE_QM_R_QM2  New State = IKE
_QM_PHASE2_COMPLETE
Aug 23 04:31:35.215: IPSEC(key_engine): got a queue event with 1 kei messages
Aug 23 04:31:35.215: IPSEC(key_engine_enable_outbound): rec'd enable notify from
ISAKMP
Aug 23 04:31:35.215: IPSEC(key_engine_enable_outbound): enable SA with spi 61249
941/50
Aug 23 04:32:25.201: ISAKMP:(0:1:HW:2):purging node -825314852

Исходное сообщение
"Проблема с IpSec тунелем" Отправлено Fiser, 23-Авг-06 08:38
И вот еще че пишит Aug 23 04:31:34.675: ISAKMP (0:0): received packet from 87.103.179.117 dport 500 sport 500 Global (N) NEW SA Aug 23 04:31:34.675: ISAKMP: Created a peer struct for 87.103.179.117, peer port 500 Aug 23 04:31:34.675: ISAKMP: Locking peer struct 0x81DE746C, IKE refcount 1 for crypto_isakmp_process_block Aug 23 04:31:34.679: ISAKMP: local port 500, remote port 500 Aug 23 04:31:34.679: insert sa successfully sa = 81D9AAE0 Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0):Old State = IKE_READY New State = IKE_R _MM1 Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing vendor id payload Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 245 mismatch Aug 23 04:31:34.679: ISAKMP (0:0): vendor ID is NAT-T v7 Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing vendor id payload Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 157 mismatch Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v3 Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): processing vendor id payload Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2 Aug 23 04:31:34.679: ISAKMP: Looking for a matching key for 87.103.179.117 in de fault : success Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0):found peer pre-shared key matching 87.10 3.179.117 Aug 23 04:31:34.679: ISAKMP:(0:0:N/A:0): local preshared key found Aug 23 04:31:34.683: ISAKMP : Scanning profiles for xauth ... Aug 23 04:31:34.683: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against prio rity 10 policy Aug 23 04:31:34.683: ISAKMP: encryption 3DES-CBC Aug 23 04:31:34.683: ISAKMP: hash SHA Aug 23 04:31:34.683: ISAKMP: default group 2 Aug 23 04:31:34.683: ISAKMP: auth pre-share Aug 23 04:31:34.683: ISAKMP: life type in seconds Aug 23 04:31:34.683: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80 Aug 23 04:31:34.683: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3 Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): processing vendor id payload Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 245 mismatch Aug 23 04:31:34.715: ISAKMP (0:268435457): vendor ID is NAT-T v7 Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): processing vendor id payload Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 157 mismatch Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v3 Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): processing vendor id payload Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 123 mismatch Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2 Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MA IN_MODE Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM1 New State = IKE_R_ MM1 Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): constructed NAT-T vendor-07 ID Aug 23 04:31:34.715: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port 500 peer_port 500 (R) MM_SA_SETUP Aug 23 04:31:34.719: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_CO MPLETE Aug 23 04:31:34.719: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM1 New State = IKE_R_ MM2 Aug 23 04:31:34.839: ISAKMP (0:268435457): received packet from 87.103.179.117 d port 500 sport 500 Global (R) MM_SA_SETUP Aug 23 04:31:34.839: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH Aug 23 04:31:34.839: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM2 New State = IKE_R_ MM3 Aug 23 04:31:34.839: ISAKMP:(0:1:HW:2): processing KE payload. message ID = 0 Aug 23 04:31:34.867: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = 0 Aug 23 04:31:34.871: ISAKMP: Looking for a matching key for 87.103.179.117 in de fault : success Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):found peer pre-shared key matching 87.103 .179.117 Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):SKEYID state generated Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): processing vendor id payload Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): vendor ID is Unity Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): processing vendor id payload Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): vendor ID is DPD Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): processing vendor id payload Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2): speaking to another IOS box! Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MA IN_MODE Aug 23 04:31:34.871: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM3 New State = IKE_R_ MM3 Aug 23 04:31:34.875: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port 500 peer_port 500 (R) MM_KEY_EXCH Aug 23 04:31:34.875: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_CO MPLETE Aug 23 04:31:34.875: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM3 New State = IKE_R_ MM4 Aug 23 04:31:34.995: ISAKMP (0:268435457): received packet from 87.103.179.117 d port 500 sport 500 Global (R) MM_KEY_EXCH Aug 23 04:31:34.995: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH Aug 23 04:31:34.995: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM4 New State = IKE_R_ MM5 Aug 23 04:31:34.995: ISAKMP:(0:1:HW:2): processing ID payload. message ID = 0 Aug 23 04:31:34.999: ISAKMP (0:268435457): ID payload next-payload : 8 type : 1 address : 87.103.179.117 protocol : 17 port : 500 length : 12 Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):: peer matches none of the profiles Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = 0 Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2): processing NOTIFY INITIAL_CONTACT protoc ol 1 spi 0, message ID = 0, sa = 81D9AAE0 Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):SA authentication status: authenticated Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2): Process initial contact, bring down existing phase 1 and 2 SA's with local 87.103.179.178 remote 87.103.1 79.117 remote port 500 Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):SA authentication status: authenticated Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):SA has been authenticated with 87.103.179 .117 Aug 23 04:31:34.999: ISAKMP: Trying to insert a peer 87.103.179.178/87.103.179.1 17/500/, and inserted successfully 81DE746C. Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MA IN_MODE Aug 23 04:31:34.999: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM5 New State = IKE_R_ MM5 Aug 23 04:31:34.999: IPSEC(key_engine): got a queue event with 1 kei messages Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR Aug 23 04:31:35.003: ISAKMP (0:268435457): ID payload next-payload : 8 type : 1 address : 87.103.179.178 protocol : 17 port : 500 length : 12 Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2):Total payload length: 12 Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port 500 peer_port 500 (R) MM_KEY_EXCH Aug 23 04:31:35.003: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PROCESS_CO MPLETE Aug 23 04:31:35.007: ISAKMP:(0:1:HW:2):Old State = IKE_R_MM5 New State = IKE_P1 _COMPLETE Aug 23 04:31:35.007: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COM PLETE Aug 23 04:31:35.007: ISAKMP:(0:1:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE Aug 23 04:31:35.095: ISAKMP (0:268435457): received packet from 87.103.179.117 d port 500 sport 500 Global (R) QM_IDLE Aug 23 04:31:35.095: ISAKMP: set new node -825314852 to QM_IDLE Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2): processing HASH payload. message ID = -8 25314852 Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2): processing SA payload. message ID = -825 314852 Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2):Checking IPSec proposal 1 Aug 23 04:31:35.099: ISAKMP: transform 1, ESP_3DES Aug 23 04:31:35.099: ISAKMP: attributes in transform: Aug 23 04:31:35.099: ISAKMP: encaps is 1 (Tunnel) Aug 23 04:31:35.099: ISAKMP: SA life type in seconds Aug 23 04:31:35.099: ISAKMP: SA life duration (basic) of 3600 Aug 23 04:31:35.099: ISAKMP: SA life type in kilobytes Aug 23 04:31:35.099: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 Aug 23 04:31:35.099: ISAKMP: authenticator is HMAC-SHA Aug 23 04:31:35.099: ISAKMP:(0:1:HW:2):atts are acceptable. Aug 23 04:31:35.099: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) INBOUND local= 87.103.179.178, remote= 87.103.179.117, local_proxy= 172.16.19.0/255.255.255.0/0/0 (type=4), remote_proxy= 172.16.29.0/255.255.255.0/0/0 (type=4), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2 Aug 23 04:31:35.099: Crypto mapdb : proxy_match src addr : 172.16.19.0 dst addr : 172.16.29.0 protocol : 0 src port : 0 dst port : 0 Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = - 825314852 Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): processing ID payload. message ID = -825 314852 Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): processing ID payload. message ID = -825 314852 Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2): asking for 1 spis from ipsec Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2):Node -825314852, Input = IKE_MESG_FROM_PE ER, IKE_QM_EXCH Aug 23 04:31:35.103: ISAKMP:(0:1:HW:2):Old State = IKE_QM_READY New State = IKE _QM_SPI_STARVE Aug 23 04:31:35.103: IPSEC(key_engine): got a queue event with 1 kei messages Aug 23 04:31:35.103: IPSEC(spi_response): getting spi 4141340935 for SA from 87.103.179.178 to 87.103.179.117 for prot 3 Aug 23 04:31:35.107: ISAKMP: received ke message (2/1) Aug 23 04:31:35.107: ISAKMP: Locking peer struct 0x81DE746C, IPSEC refcount 1 fo r for stuff_ke Aug 23 04:31:35.107: ISAKMP:(0:1:HW:2): Creating IPSec SAs Aug 23 04:31:35.107: inbound SA from 87.103.179.117 to 87.103.179.178 (f /i) 0/ 0 (proxy 172.16.29.0 to 172.16.19.0) Aug 23 04:31:35.107: has spi 0xF6D7D907 and conn_id 0 and flags 2 Aug 23 04:31:35.107: lifetime of 3600 seconds Aug 23 04:31:35.107: lifetime of 4608000 kilobytes Aug 23 04:31:35.111: has client flags 0x0 Aug 23 04:31:35.111: outbound SA from 87.103.179.178 to 87.103.179.117 ( f/i) 0/0 (proxy 172.16.19.0 to 172.16.29.0) Aug 23 04:31:35.111: has spi 61249941 and conn_id 0 and flags A Aug 23 04:31:35.111: lifetime of 3600 seconds Aug 23 04:31:35.111: lifetime of 4608000 kilobytes Aug 23 04:31:35.111: has client flags 0x0 Aug 23 04:31:35.111: IPSEC(key_engine): got a queue event with 2 kei messages Aug 23 04:31:35.111: IPSEC(initialize_sas): , (key eng. msg.) INBOUND local= 87.103.179.178, remote= 87.103.179.117, local_proxy= 172.16.19.0/255.255.255.0/0/0 (type=4), remote_proxy= 172.16.29.0/255.255.255.0/0/0 (type=4), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0xF6D7D907(4141340935), conn_id= 0, keysize= 0, flags= 0x2 Aug 23 04:31:35.111: IPSEC(initialize_sas): , (key eng. msg.) OUTBOUND local= 87.103.179.178, remote= 87.103.179.117, local_proxy= 172.16.19.0/255.255.255.0/0/0 (type=4), remote_proxy= 172.16.29.0/255.255.255.0/0/0 (type=4), protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x3A69995(61249941), conn_id= 0, keysize= 0, flags= 0xA Aug 23 04:31:35.111: Crypto mapdb : proxy_match src addr : 172.16.19.0 dst addr : 172.16.29.0 protocol : 0 src port : 0 dst port : 0 Aug 23 04:31:35.111: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with t he same proxies and 130.87.2.12 Aug 23 04:31:35.111: IPSec: Flow_switching Allocated flow for sibling 80000002 Aug 23 04:31:35.115: IPSEC(policy_db_add_ident): src 172.16.19.0, dest 172.16.29 .0, dest_port 0 Aug 23 04:31:35.115: IPSEC(create_sa): sa created, (sa) sa_dest= 87.103.179.178, sa_proto= 50, sa_spi= 0xF6D7D907(4141340935), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001 Aug 23 04:31:35.115: IPSEC(create_sa): sa created, (sa) sa_dest= 87.103.179.117, sa_proto= 50, sa_spi= 0x3A69995(61249941), sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2002 Aug 23 04:31:35.115: ISAKMP:(0:1:HW:2): sending packet to 87.103.179.117 my_port 500 peer_port 500 (R) QM_IDLE Aug 23 04:31:35.115: ISAKMP:(0:1:HW:2):Node -825314852, Input = IKE_MESG_FROM_IP SEC, IKE_SPI_REPLY Aug 23 04:31:35.115: ISAKMP:(0:1:HW:2):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_R_QM2 Aug 23 04:31:35.211: ISAKMP (0:268435457): received packet from 87.103.179.117 d port 500 sport 500 Global (R) QM_IDLE Aug 23 04:31:35.215: ISAKMP:(0:1:HW:2):deleting node -825314852 error FALSE reas on "QM done (await)" Aug 23 04:31:35.215: ISAKMP:(0:1:HW:2):Node -825314852, Input = IKE_MESG_FROM_PE ER, IKE_QM_EXCH Aug 23 04:31:35.215: ISAKMP:(0:1:HW:2):Old State = IKE_QM_R_QM2 New State = IKE _QM_PHASE2_COMPLETE Aug 23 04:31:35.215: IPSEC(key_engine): got a queue event with 1 kei messages Aug 23 04:31:35.215: IPSEC(key_engine_enable_outbound): rec'd enable notify from ISAKMP Aug 23 04:31:35.215: IPSEC(key_engine_enable_outbound): enable SA with spi 61249 941/50 Aug 23 04:32:25.201: ISAKMP:(0:1:HW:2):purging node -825314852

Ваше сообщение

Имя*:

EMail:

Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, [email protected] (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.

Заголовок*:

Сообщение*:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

На сайте действует частичное премодерирование - после публикации некоторые сообщения от анонимов могут автоматически скрываться ботом. После проверки модератором ошибочно скрытые сообщения раскрываются. Для ускорения раскрытия можно воспользоваться ссылкой "Сообщить модератору", указав в качестве причины обращения "скрыто по ошибке".

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру