*Mar 7 18:45:59.675: ISAKMP (0:0): received packet from 192.168.1.203 dport 500 sport 54935 Global (N) NEW SA *Mar 7 18:45:59.675: ISAKMP: Created a peer struct for 192.168.1.203, peer port 54935 *Mar 7 18:45:59.675: ISAKMP: New peer created peer = 0x64E349C0 peer_handle = 0x80000004 *Mar 7 18:45:59.675: ISAKMP: Locking peer struct 0x64E349C0, IKE refcount 1 for crypto_isakmp_process_block *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0):Setting client config settings 653B9D7C *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0):(Re)Setting client xauth list and state *Mar 7 18:45:59.679: ISAKMP/xauth: initializing AAA request *Mar 7 18:45:59.679: ISAKMP: local port 500, remote port 54935 *Mar 7 18:45:59.679: insert sa successfully sa = 659AFF28 *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): processing SA payload. message ID = 0 *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): processing ID payload. message ID = 0 *Mar 7 18:45:59.679: ISAKMP (0:0): ID payload next-payload : 13 type : 11 group id : vpn-access protocol : 17 port : 500 length : 18 *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0):: peer matches *none* of the profiles *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): processing vendor id payload *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 215 mismatch *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): vendor ID is XAUTH *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): processing vendor id payload *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): vendor ID is DPD *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): processing vendor id payload *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 194 mismatch *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): processing vendor id payload *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): vendor ID seems Unity/DPD but major 123 mismatch *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): vendor ID is NAT-T v2 *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): processing vendor id payload *Mar 7 18:45:59.679: ISAKMP:(0:0:N/A:0): vendor ID is Unity *Mar 7 18:45:59.683: ISAKMP:(0:0:N/A:0): Authentication by xauth preshared *Mar 7 18:45:59.683: ISAKMP:(0:0:N/A:0):Checking ISAKMP transform 1 against priority 10 policy *Mar 7 18:45:59.683: ISAKMP: encryption AES-CBC *Mar 7 18:45:59.683: ISAKMP: hash SHA *Mar 7 18:45:59.683: ISAKMP: default group 2 *Mar 7 18:45:59.683: ISAKMP: auth XAUTHInitPreShared *Mar 7 18:45:59.683: ISAKMP: life type in seconds *Mar 7 18:45:59.683: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B *Mar 7 18:45:59.683: ISAKMP: keylength of 256 *Mar 7 18:45:59.683: ISAKMP:(0:0:N/A:0):atts are acceptable. Next payload is 3 *Mar 7 18:45:59.691: ISAKMP:(0:3:HW:2): processing KE payload. message ID = 0 *Mar 7 18:45:59.699: ISAKMP:(0:3:HW:2): processing NONCE payload. message ID = 0 *Mar 7 18:45:59.699: ISAKMP:(0:3:HW:2): vendor ID is NAT-T v2 *Mar 7 18:45:59.699: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH *Mar 7 18:45:59.699: ISAKMP:(0:3:HW:2):Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT *Mar 7 18:45:59.707: ISAKMP:(0:3:HW:2):SKEYID state generated *Mar 7 18:45:59.707: ISAKMP:(0:3:HW:2): constructed NAT-T vendor-02 ID *Mar 7 18:45:59.707: ISAKMP:(0:3:HW:2):SA is doing pre-shared key authentication plus XAUTH using id type ID_IPV4_ADDR *Mar 7 18:45:59.707: ISAKMP (0:268435459): ID payload next-payload : 10 type : 1 address : 192.168.1.10 protocol : 17 port : 0 length : 12 *Mar 7 18:45:59.707: ISAKMP:(0:3:HW:2):Total payload length: 12 *Mar 7 18:45:59.707: ISAKMP:(0:3:HW:2): sending packet to 192.168.1.203 my_port 500 peer_port 54935 (R) AG_INIT_EXCH *Mar 7 18:45:59.707: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY *Mar 7 18:45:59.711: ISAKMP:(0:3:HW:2):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2 *Mar 7 18:45:59.719: ISAKMP (0:268435459): received packet from 192.168.1.203 dport 500 sport 54935 Global (R) AG_INIT_EXCH *Mar 7 18:45:59.719: ISAKMP:(0:3:HW:2): processing HASH payload. message ID = 0 *Mar 7 18:45:59.723: ISAKMP:(0:3:HW:2): processing NOTIFY INITIAL_CONTACT protocol 1 spi 0, message ID = 0, sa = 659AFF28 *Mar 7 18:45:59.723: ISAKMP:(0:3:HW:2):SA authentication status: authenticated *Mar 7 18:45:59.723: ISAKMP:(0:3:HW:2): Process initial contact, bring down existing phase 1 and 2 SA's with local 192.168.1.10 remote 192.168.1.203 remote port 54935 *Mar 7 18:45:59.723: ISAKMP:(0:3:HW:2):returning IP addr to the address pool *Mar 7 18:45:59.723: ISAKMP:received payload type 20 *Mar 7 18:45:59.723: ISAKMP:received payload type 20 *Mar 7 18:45:59.723: ISAKMP:(0:3:HW:2):SA authentication status: authenticated *Mar 7 18:45:59.723: ISAKMP:(0:3:HW:2):SA has been authenticated with 192.168.1.203 *Mar 7 18:45:59.723: ISAKMP: Trying to insert a peer 192.168.1.10/192.168.1.203/54935/, and inserted successfully 64E349C0. *Mar 7 18:45:59.723: ISAKMP:(0:3:HW:2):IKE_DPD is enabled, initializing timers *Mar 7 18:45:59.723: ISAKMP: set new node -873195901 to CONF_XAUTH *Mar 7 18:45:59.727: ISAKMP:(0:3:HW:2):Sending NOTIFY RESPONDER_LIFETIME protocol 1 spi 1701928872, message ID = -873195901 *Mar 7 18:45:59.727: ISAKMP:(0:3:HW:2): sending packet to 192.168.1.203 my_port 500 peer_port 54935 (R) QM_IDLE *Mar 7 18:45:59.727: ISAKMP:(0:3:HW:2):purging node -873195901 *Mar 7 18:45:59.727: ISAKMP: Sending phase 1 responder lifetime 86400 *Mar 7 18:45:59.727: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH *Mar 7 18:45:59.727: ISAKMP:(0:3:HW:2):Old State = IKE_R_AM2 New State = IKE_P1_COMPLETE *Mar 7 18:45:59.731: ISAKMP:(0:3:HW:2):Need XAUTH *Mar 7 18:45:59.731: ISAKMP: set new node 315992159 to CONF_XAUTH *Mar 7 18:45:59.731: ISAKMP/xauth: request attribute XAUTH_USER_NAME_V2 *Mar 7 18:45:59.731: ISAKMP/xauth: request attribute XAUTH_USER_PASSWORD_V2 *Mar 7 18:45:59.731: ISAKMP:(0:3:HW:2): initiating peer config to 192.168.1.203. ID = 315992159 *Mar 7 18:45:59.731: ISAKMP:(0:3:HW:2): sending packet to 192.168.1.203 my_port 500 peer_port 54935 (R) CONF_XAUTH *Mar 7 18:45:59.731: ISAKMP:(0:3:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 7 18:45:59.735: ISAKMP:(0:3:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_XAUTH_REQ_SENT *Mar 7 18:46:03.863: ISAKMP (0:268435459): received packet from 192.168.1.203 dport 500 sport 54935 Global (R) CONF_XAUTH *Mar 7 18:46:03.863: ISAKMP:(0:3:HW:2):processing transaction payload from 192.168.1.203. message ID = 315992159 *Mar 7 18:46:03.863: ISAKMP: Config payload REPLY *Mar 7 18:46:03.863: ISAKMP/xauth: reply attribute XAUTH_USER_NAME_V2 *Mar 7 18:46:03.863: ISAKMP/xauth: reply attribute XAUTH_USER_PASSWORD_V2 *Mar 7 18:46:03.867: ISAKMP:(0:3:HW:2):deleting node 315992159 error FALSE reason "Done with xauth request/reply exchange" *Mar 7 18:46:03.867: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_PEER, IKE_CFG_REPLY *Mar 7 18:46:03.867: ISAKMP:(0:3:HW:2):Old State = IKE_XAUTH_REQ_SENT New State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT *Mar 7 18:46:03.879: ISAKMP: set new node -698460873 to CONF_XAUTH *Mar 7 18:46:03.903: ISAKMP:(0:3:HW:2): initiating peer config to 192.168.1.203. ID = -698460873 *Mar 7 18:46:03.903: ISAKMP:(0:3:HW:2): sending packet to 192.168.1.203 my_port 500 peer_port 54935 (R) CONF_XAUTH *Mar 7 18:46:03.903: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_AAA, IKE_AAA_CONT_LOGIN *Mar 7 18:46:03.903: ISAKMP:(0:3:HW:2):Old State = IKE_XAUTH_AAA_CONT_LOGIN_AWAIT New State = IKE_XAUTH_SET_SENT *Mar 7 18:46:03.907: ISAKMP (0:268435459): received packet from 192.168.1.203 dport 500 sport 54935 Global (R) CONF_XAUTH *Mar 7 18:46:03.907: ISAKMP:(0:3:HW:2):processing transaction payload from 192.168.1.203. message ID = -698460873 *Mar 7 18:46:03.911: ISAKMP: Config payload ACK *Mar 7 18:46:03.911: ISAKMP:(0:3:HW:2): (blank) XAUTH ACK Processed *Mar 7 18:46:03.911: ISAKMP:(0:3:HW:2):deleting node -698460873 error FALSE reason "Transaction mode done" *Mar 7 18:46:03.911: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_PEER, IKE_CFG_ACK *Mar 7 18:46:03.911: ISAKMP:(0:3:HW:2):Old State = IKE_XAUTH_SET_SENT New State = IKE_P1_COMPLETE *Mar 7 18:46:03.911: ISAKMP:(0:3:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE *Mar 7 18:46:03.911: ISAKMP:(0:3:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Mar 7 18:46:03.915: ISAKMP (0:268435459): received packet from 192.168.1.203 dport 500 sport 54935 Global (R) QM_IDLE *Mar 7 18:46:03.915: ISAKMP: set new node 942814580 to QM_IDLE *Mar 7 18:46:03.915: ISAKMP:(0:3:HW:2):processing transaction payload from 192.168.1.203. message ID = 942814580 *Mar 7 18:46:03.915: ISAKMP: Config payload REQUEST *Mar 7 18:46:03.915: ISAKMP:(0:3:HW:2):checking request: *Mar 7 18:46:03.915: ISAKMP: IP4_ADDRESS *Mar 7 18:46:03.915: ISAKMP: IP4_NETMASK *Mar 7 18:46:03.915: ISAKMP: IP4_DNS *Mar 7 18:46:03.915: ISAKMP: IP4_NBNS *Mar 7 18:46:03.919: ISAKMP: ADDRESS_EXPIRY *Mar 7 18:46:03.919: ISAKMP: UNKNOWN Unknown Attr: 0x7000 *Mar 7 18:46:03.919: ISAKMP: MODECFG_SAVEPWD *Mar 7 18:46:03.919: ISAKMP: DEFAULT_DOMAIN *Mar 7 18:46:03.919: ISAKMP: SPLIT_INCLUDE *Mar 7 18:46:03.919: ISAKMP: SPLIT_DNS *Mar 7 18:46:03.919: ISAKMP: PFS *Mar 7 18:46:03.919: ISAKMP: UNKNOWN Unknown Attr: 0x700B *Mar 7 18:46:03.919: ISAKMP: BACKUP_SERVER *Mar 7 18:46:03.919: ISAKMP: UNKNOWN Unknown Attr: 0x700C *Mar 7 18:46:03.919: ISAKMP: APPLICATION_VERSION *Mar 7 18:46:03.919: ISAKMP: FW_RECORD *Mar 7 18:46:03.919: ISAKMP: UNKNOWN Unknown Attr: 0x700A *Mar 7 18:46:03.919: ISAKMP: UNKNOWN Unknown Attr: 0x7005 *Mar 7 18:46:03.919: ISAKMP/author: Author request for group vpn-accesssuccessfully sent to AAA *Mar 7 18:46:03.919: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST *Mar 7 18:46:03.919: ISAKMP:(0:3:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_AUTHOR_AAA_AWAIT *Mar 7 18:46:03.919: ISAKMP:(0:3:HW:2):AAA returned a policy error. Sending empty reply. *Mar 7 18:46:03.919: ISAKMP:(0:3:HW:2):deleting node 942814580 error FALSE reason "No Error" *Mar 7 18:46:03.923: ISAKMP:(0:3:HW:2):peer does not do paranoid keepalives. *Mar 7 18:46:03.923: ISAKMP:(0:3:HW:2):deleting SA reason "IKMP_ERR_NO_RETRANS" state (R) CONF_ADDR (peer 192.168.1.203) *Mar 7 18:46:03.923: ISAKMP (0:268435459): FSM action returned error: 2 *Mar 7 18:46:03.923: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR *Mar 7 18:46:03.923: ISAKMP:(0:3:HW:2):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_P1_COMPLETE *Mar 7 18:46:03.923: ISAKMP: set new node 157867265 to QM_IDLE *Mar 7 18:46:03.923: ISAKMP:(0:3:HW:2): sending packet to 192.168.1.203 my_port 500 peer_port 54935 (R) CONF_ADDR *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):purging node 157867265 *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):deleting SA reason "No reason" state (R) CONF_ADDR (peer 192.168.1.203) *Mar 7 18:46:03.927: ISAKMP: Unlocking IKE struct 0x64E349C0 for isadb_mark_sa_deleted(), count 0 *Mar 7 18:46:03.927: ISAKMP: Deleting peer node by peer_reap for 192.168.1.203: 64E349C0 *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):deleting node 315992159 error FALSE reason "IKE deleted" *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):deleting node -698460873 error FALSE reason "IKE deleted" *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):deleting node 942814580 error FALSE reason "IKE deleted" *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH *Mar 7 18:46:03.927: ISAKMP:(0:3:HW:2):Old State = IKE_DEST_SA New State = IKE_DEST_SA