[strongSwan] [Strongswan] AUTH Failed connecting Strongswan to Cisco ASA 55xx on PSK method

Fedor Martynov outbox at dzhoda.ru
Sat Feb 6 16:37:56 CET 2016


Hi!

I have repeatedly failed to connect to Cisco ASA with AUTH_FAILED error.
Password is one for both sides and was checked dozens of times.

version strongSwan 5.2.1
ipsec.conf:

conn intel
#        left=Y.Y.Y.Y
        left=192.168.1.238
#        leftsubnet=/
        leftfirewall=yes
#        leftauth=psk
        leftid=Y.Y.Y.Y
        right=X.X.X.X
#        rightauth=psk
#        rightsubnet=/
        rightid=X.X.X.X
        auto=start
        ike=3des-sha1-modp1024
        esp=3des-sha1
        keyexchange=ikev2
        dpdaction=restart
        dpddelay=30s
        forceencaps=yes
        type=tunnel
        authby=secret

ipsec.secrets:

Y.Y.Y.Y X.X.X.X : PSK "REMOVED_PASSWORD"
X.X.X.X : PSK "REMOVED_PASSWORD"
#X.X.X.X Y.Y.Y.Y : PSK "REMOVED_PASSWORD"


connection log:
Feb  6 19:10:15 vpnServer charon: 10[CFG] received stroke: initiate 'intel'
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_VENDOR task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_INIT task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_NATD task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_CERT_PRE task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_AUTH task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_CERT_POST task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_CONFIG task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_AUTH_LIFETIME task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_MOBIKE task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_ME task
Feb  6 19:10:15 vpnServer charon: 06[IKE] queueing CHILD_CREATE task
Feb  6 19:10:15 vpnServer charon: 06[IKE] activating new tasks
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_VENDOR task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_INIT task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_NATD task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_CERT_PRE task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_ME task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_AUTH task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_CERT_POST task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_CONFIG task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating CHILD_CREATE task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_AUTH_LIFETIME
task
Feb  6 19:10:15 vpnServer charon: 06[IKE]   activating IKE_MOBIKE task
Feb  6 19:10:15 vpnServer charon: 06[IKE] initiating IKE_SA intel[3] to
X.X.X.X (Cisco ASA)
Feb  6 19:10:15 vpnServer charon: 06[IKE] IKE_SA intel[3] state change:
CREATED => CONNECTING
Feb  6 19:10:15 vpnServer charon: 06[CFG] configured proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,
IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Feb  6 19:10:15 vpnServer charon: 06[IKE] natd_chunk => 22 bytes @
0x7f798078fea0
Feb  6 19:10:15 vpnServer charon: 06[IKE]    0: F2 3D FA D1 01 64 1B 32 00
00 00 00 00 00 00 00  .=...d.2........
Feb  6 19:10:15 vpnServer charon: 06[IKE]   16: D5 4A C1 4C 01
F4                                .J.L..
Feb  6 19:10:15 vpnServer charon: 06[IKE] natd_hash => 20 bytes @
0x7f798078fec0
Feb  6 19:10:15 vpnServer charon: 06[IKE]    0: 3D 45 E5 8A 0E F1 0D F2 4E
EF 86 D8 E6 46 EE ED  =E......N....F..
Feb  6 19:10:15 vpnServer charon: 06[IKE]   16: 01 2B 17
0C                                      .+..
Feb  6 19:10:15 vpnServer charon: 06[ENC] generating IKE_SA_INIT request 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Feb  6 19:10:15 vpnServer charon: 06[NET] sending packet: from
192.168.1.238[500] to X.X.X.X (Cisco ASA)[500] (936 bytes)
Feb  6 19:10:16 vpnServer charon: 02[NET] received packet: from X.X.X.X
(Cisco ASA)[500] to 192.168.1.238[500] (453 bytes)
Feb  6 19:10:16 vpnServer charon: 02[ENC] parsed IKE_SA_INIT response 0 [
SA KE No V V V N(NATD_S_IP) N(NATD_D_IP) V ]
Feb  6 19:10:16 vpnServer charon: 02[IKE] received Cisco Delete Reason
vendor ID
Feb  6 19:10:16 vpnServer charon: 02[IKE] received Cisco Copyright (c) 2009
vendor ID
Feb  6 19:10:16 vpnServer charon: 02[ENC] received unknown vendor ID:
43:49:53:43:4f:2d:47:52:45:2d:4d:4f:44:45:02
Feb  6 19:10:16 vpnServer charon: 02[IKE] received FRAGMENTATION vendor ID
Feb  6 19:10:16 vpnServer charon: 02[CFG] selecting proposal:
Feb  6 19:10:16 vpnServer charon: 02[CFG]   proposal matches
Feb  6 19:10:16 vpnServer charon: 02[CFG] received proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb  6 19:10:16 vpnServer charon: 02[CFG] configured proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,
IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Feb  6 19:10:16 vpnServer charon: 02[CFG] selected proposal:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb  6 19:10:16 vpnServer charon: 02[IKE] shared Diffie Hellman secret =>
128 bytes @ 0x7f7960003930
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: A1 80 8E FF 97 2B 44 1E 3E
F0 CA 25 8A D5 95 F8  .....+D.>..%....
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 96 4F 15 9C 7F 26 33 3E 97
D7 5A 92 33 63 C5 5E  .O...&3>..Z.3c.^
Feb  6 19:10:16 vpnServer charon: 02[IKE]   32: 7F F9 6D 94 23 F4 D8 72 59
03 71 D1 85 BC D1 13  ..m.#..rY.q.....
Feb  6 19:10:16 vpnServer charon: 02[IKE]   48: 10 14 01 8B 18 C1 47 3F E5
7A 47 35 24 A1 E6 CE  ......G?.zG5$...
Feb  6 19:10:16 vpnServer charon: 02[IKE]   64: 1E 02 7A C4 03 80 00 74 3F
4D 0E EA C4 4C 03 C9  ..z....t?M...L..
Feb  6 19:10:16 vpnServer charon: 02[IKE]   80: A5 EB 78 52 E7 E3 6E 62 F2
83 12 AA 40 C8 98 49  ..xR..nb.... at ..I
Feb  6 19:10:16 vpnServer charon: 02[IKE]   96: 23 49 4E A0 0B D9 EA 44 B9
11 56 24 EE 59 A8 82  #IN....D..V$.Y..
Feb  6 19:10:16 vpnServer charon: 02[IKE]  112: 23 DA 36 A9 A5 DA 4D FC CE
49 5D F8 A0 13 AA 18  #.6...M..I].....
Feb  6 19:10:16 vpnServer charon: 02[IKE] SKEYSEED => 20 bytes @
0x7f7960003d80
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 74 95 B4 D3 87 77 7C AD 5D
EF 45 07 9D 3E 61 C8  t....w|.].E..>a.
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 91 F2 47
F9                                      ..G.
Feb  6 19:10:16 vpnServer charon: 02[IKE] Sk_d secret => 20 bytes @
0x7f7960003d80
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 8B F0 47 46 90 A6 10 07 8D
9D 27 EC 18 E0 DF 22  ..GF......'...."
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 11 AF F9
42                                      ...B
Feb  6 19:10:16 vpnServer charon: 02[IKE] Sk_ai secret => 20 bytes @
0x7f79600043b0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: CD 29 BB 57 92 24 92 A2 EF
0E A3 75 E5 C5 BA FC  .).W.$.....u....
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 58 26 0A
46                                      X&.F
Feb  6 19:10:16 vpnServer charon: 02[IKE] Sk_ar secret => 20 bytes @
0x7f79600043b0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 96 9E 3E F0 AA 90 F5 CD 1D
FA F0 51 DD D3 D7 EE  ..>........Q....
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: DF 8C 8E
05                                      ....
Feb  6 19:10:16 vpnServer charon: 02[IKE] Sk_ei secret => 24 bytes @
0x7f79600043b0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 2F 71 E5 5F E2 A8 8D 98 8D
B1 AD 85 56 1C 5C A3  /q._........V.\.
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: E9 E0 A9 D5 6D A5 94
FE                          ....m...
Feb  6 19:10:16 vpnServer charon: 02[IKE] Sk_er secret => 24 bytes @
0x7f79600043b0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: EE 76 40 0F 48 DC 33 44 57
6C 21 54 23 E1 52 3C  .v at .H.3DWl!T#.R<
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: ED 91 F6 0A 53 01 99
9A                          ....S...
Feb  6 19:10:16 vpnServer charon: 02[IKE] Sk_pi secret => 20 bytes @
0x7f79600043b0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: DD C8 D0 94 73 E0 9E A0 2F
49 D3 78 F3 F6 71 54  ....s.../I.x..qT
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: EC B9 29
9F                                      ..).
Feb  6 19:10:16 vpnServer charon: 02[IKE] Sk_pr secret => 20 bytes @
0x7f79600044a0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 3A 3B AC 82 F5 5B 86 4E D5
79 2C BB 3F 07 F6 29  :;...[.N.y,.?..)
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 75 1B A6
0C                                      u...
Feb  6 19:10:16 vpnServer charon: 02[IKE] natd_chunk => 22 bytes @
0x7f7960003640
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: F2 3D FA D1 01 64 1B 32 6C
93 51 85 FF 5E CD 2B  .=...d.2l.Q..^.+
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: C0 A8 01 EE 01
F4                                ......
Feb  6 19:10:16 vpnServer charon: 02[IKE] natd_hash => 20 bytes @
0x7f7960003e20
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: DC 37 AA 5C 58 2A 8F D1 44
CA BF F9 ED 4B 74 98  .7.\X*..D....Kt.
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 8B B2 98
D8                                      ....
Feb  6 19:10:16 vpnServer charon: 02[IKE] natd_chunk => 22 bytes @
0x7f7960003640
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: F2 3D FA D1 01 64 1B 32 6C
93 51 85 FF 5E CD 2B  .=...d.2l.Q..^.+
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: D5 4A C1 4C 01
F4                                .J.L..
Feb  6 19:10:16 vpnServer charon: 02[IKE] natd_hash => 20 bytes @
0x7f7960003900
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 6D C9 D7 66 40 1B 4D 33 43
03 3E F4 51 AC A6 8E  m..f at .M3C.>.Q...
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: F4 53 C0
C9                                      .S..
Feb  6 19:10:16 vpnServer charon: 02[IKE] precalculated src_hash => 20
bytes @ 0x7f7960003900
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 6D C9 D7 66 40 1B 4D 33 43
03 3E F4 51 AC A6 8E  m..f at .M3C.>.Q...
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: F4 53 C0
C9                                      .S..
Feb  6 19:10:16 vpnServer charon: 02[IKE] precalculated dst_hash => 20
bytes @ 0x7f7960003e20
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: DC 37 AA 5C 58 2A 8F D1 44
CA BF F9 ED 4B 74 98  .7.\X*..D....Kt.
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 8B B2 98
D8                                      ....
Feb  6 19:10:16 vpnServer charon: 02[IKE] received src_hash => 20 bytes @
0x7f79600032d0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 6D C9 D7 66 40 1B 4D 33 43
03 3E F4 51 AC A6 8E  m..f at .M3C.>.Q...
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: F4 53 C0
C9                                      .S..
Feb  6 19:10:16 vpnServer charon: 02[IKE] received dst_hash => 20 bytes @
0x7f79600033f0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 5A 10 AA 18 1E 69 43 49 DC
ED 4F 97 91 92 EC D4  Z....iCI..O.....
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: B9 9D 48
BD                                      ..H.
Feb  6 19:10:16 vpnServer charon: 02[IKE] local host is behind NAT, sending
keep alives
Feb  6 19:10:16 vpnServer charon: 02[IKE] reinitiating already active tasks
Feb  6 19:10:16 vpnServer charon: 02[IKE]   IKE_CERT_PRE task
Feb  6 19:10:16 vpnServer charon: 02[IKE]   IKE_AUTH task
Feb  6 19:10:16 vpnServer charon: 02[IKE] authentication of 'Y.Y.Y.Y
(Strongswan)' (myself) with pre-shared key
Feb  6 19:10:16 vpnServer charon: 02[IKE] IDx' => 8 bytes @ 0x7f7979616a70
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 01 00 00 00 5D B8 E7
72                          ....]..r
Feb  6 19:10:16 vpnServer charon: 02[IKE] SK_p => 20 bytes @ 0x7f79600043b0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: DD C8 D0 94 73 E0 9E A0 2F
49 D3 78 F3 F6 71 54  ....s.../I.x..qT
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: EC B9 29
9F                                      ..).
Feb  6 19:10:16 vpnServer charon: 02[IKE] octets = message + nonce +
prf(Sk_px, IDx') => 1020 bytes @ 0x7f7960005420
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: F2 3D FA D1 01 64 1B 32 00
00 00 00 00 00 00 00  .=...d.2........
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 21 20 22 08 00 00 00 00 00
00 03 A8 22 00 02 A8  ! "........."...
Feb  6 19:10:16 vpnServer charon: 02[IKE]   32: 02 00 00 28 01 01 00 04 03
00 00 08 01 00 00 03  ...(............
Feb  6 19:10:16 vpnServer charon: 02[IKE]   48: 03 00 00 08 03 00 00 02 03
00 00 08 02 00 00 02  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]   64: 00 00 00 08 04 00 00 02 02
00 01 48 02 01 00 25  ...........H...%
Feb  6 19:10:16 vpnServer charon: 02[IKE]   80: 03 00 00 0C 01 00 00 0C 80
0E 00 80 03 00 00 0C  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]   96: 01 00 00 0C 80 0E 00 C0 03
00 00 0C 01 00 00 0C  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  112: 80 0E 01 00 03 00 00 08 01
00 00 03 03 00 00 0C  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  128: 01 00 00 17 80 0E 00 80 03
00 00 0C 01 00 00 17  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  144: 80 0E 00 C0 03 00 00 0C 01
00 00 17 80 0E 01 00  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  160: 03 00 00 08 03 00 00 01 03
00 00 08 03 00 00 02  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  176: 03 00 00 08 03 00 00 0C 03
00 00 08 03 00 00 0D  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  192: 03 00 00 08 03 00 00 0E 03
00 00 08 03 00 00 05  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  208: 03 00 00 08 02 00 00 01 03
00 00 08 02 00 00 02  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  224: 03 00 00 08 02 00 00 05 03
00 00 08 02 00 00 06  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  240: 03 00 00 08 02 00 00 07 03
00 00 08 02 00 00 04  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  256: 03 00 00 08 04 00 00 0E 03
00 00 08 04 00 00 17  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  272: 03 00 00 08 04 00 00 18 03
00 00 08 04 00 00 05  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  288: 03 00 00 08 04 00 00 0F 03
00 00 08 04 00 00 10  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  304: 03 00 00 08 04 00 00 12 03
00 00 08 04 00 00 02  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  320: 03 00 00 08 04 00 00 16 03
00 00 08 04 00 00 13  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  336: 03 00 00 08 04 00 00 14 03
00 00 08 04 00 00 15  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  352: 03 00 00 08 04 00 00 1A 03
00 00 08 04 00 00 19  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  368: 03 00 00 08 04 00 00 1B 03
00 00 08 04 00 00 1C  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  384: 03 00 00 08 04 00 00 1D 00
00 00 08 04 00 00 1E  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  400: 00 00 01 34 03 01 00 21 03
00 00 0C 01 00 00 12  ...4...!........
Feb  6 19:10:16 vpnServer charon: 02[IKE]  416: 80 0E 00 80 03 00 00 0C 01
00 00 12 80 0E 00 C0  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  432: 03 00 00 0C 01 00 00 12 80
0E 01 00 03 00 00 0C  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  448: 01 00 00 13 80 0E 00 80 03
00 00 0C 01 00 00 13  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  464: 80 0E 00 C0 03 00 00 0C 01
00 00 13 80 0E 01 00  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  480: 03 00 00 0C 01 00 00 14 80
0E 00 80 03 00 00 0C  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  496: 01 00 00 14 80 0E 00 C0 03
00 00 0C 01 00 00 14  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  512: 80 0E 01 00 03 00 00 08 02
00 00 01 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  528: 02 00 00 02 03 00 00 08 02
00 00 05 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  544: 02 00 00 06 03 00 00 08 02
00 00 07 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  560: 02 00 00 04 03 00 00 08 04
00 00 0E 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  576: 04 00 00 17 03 00 00 08 04
00 00 18 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  592: 04 00 00 05 03 00 00 08 04
00 00 0F 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  608: 04 00 00 10 03 00 00 08 04
00 00 12 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  624: 04 00 00 02 03 00 00 08 04
00 00 16 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  640: 04 00 00 13 03 00 00 08 04
00 00 14 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  656: 04 00 00 15 03 00 00 08 04
00 00 1A 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  672: 04 00 00 19 03 00 00 08 04
00 00 1B 03 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  688: 04 00 00 1C 03 00 00 08 04
00 00 1D 00 00 00 08  ................
Feb  6 19:10:16 vpnServer charon: 02[IKE]  704: 04 00 00 1E 28 00 00 88 00
02 00 00 ED 20 05 F3  ....(........ ..
Feb  6 19:10:16 vpnServer charon: 02[IKE]  720: 76 97 8F CE E0 9D B2 F0 38
15 2B F3 EB 20 60 87  v.......8.+.. `.
Feb  6 19:10:16 vpnServer charon: 02[IKE]  736: 02 6E 2A 05 55 99 7B D9 53
E9 5C 21 91 E0 4F 0D  .n*.U.{.S.\!..O.
Feb  6 19:10:16 vpnServer charon: 02[IKE]  752: 7F 96 13 5E 85 AD A9 CA 9D
8D A0 75 E3 43 10 5A  ...^.......u.C.Z
Feb  6 19:10:16 vpnServer charon: 02[IKE]  768: AE AF C1 CF 37 65 C5 90 33
3C F4 C7 F3 31 81 87  ....7e..3<...1..
Feb  6 19:10:16 vpnServer charon: 02[IKE]  784: D5 50 7D 7D DD 78 FA 2C 5A
E2 45 E3 55 5C 54 55  .P}}.x.,Z.E.U\TU
Feb  6 19:10:16 vpnServer charon: 02[IKE]  800: 0B 91 60 42 9F D7 C4 9A DA
FA 63 92 4E 63 7A 10  ..`B......c.Ncz.
Feb  6 19:10:16 vpnServer charon: 02[IKE]  816: DE 28 68 BC 01 48 0E 57 C2
B1 C2 76 91 16 4F 8B  .(h..H.W...v..O.
Feb  6 19:10:16 vpnServer charon: 02[IKE]  832: EE 2F 96 0D 1F 62 B3 84 E8
91 DE 18 29 00 00 24  ./...b......)..$
Feb  6 19:10:16 vpnServer charon: 02[IKE]  848: 79 DB D8 D0 7E 2F AA 90 90
B7 A8 54 31 7D 0B 30  y...~/.....T1}.0
Feb  6 19:10:16 vpnServer charon: 02[IKE]  864: A0 C3 73 2C CD 65 8C E5 48
83 EA B6 A2 70 98 68  ..s,.e..H....p.h
Feb  6 19:10:16 vpnServer charon: 02[IKE]  880: 29 00 00 1C 00 00 40 04 C8
0C 9E A3 17 FD 21 42  )..... at .......!B
Feb  6 19:10:16 vpnServer charon: 02[IKE]  896: A7 7C DE A0 50 9F BD 32 CC
56 8C 7C 00 00 00 1C  .|..P..2.V.|....
Feb  6 19:10:16 vpnServer charon: 02[IKE]  912: 00 00 40 05 3D 45 E5 8A 0E
F1 0D F2 4E EF 86 D8  .. at .=E......N...
Feb  6 19:10:16 vpnServer charon: 02[IKE]  928: E6 46 EE ED 01 2B 17 0C 8A
CA 01 25 85 59 AA FA  .F...+.....%.Y..
Feb  6 19:10:16 vpnServer charon: 02[IKE]  944: ED B6 31 14 3E A2 56 68 CC
6A 69 59 C8 02 80 3A  ..1.>.Vh.jiY...:
Feb  6 19:10:16 vpnServer charon: 02[IKE]  960: A7 D1 4A 04 08 AB 01 79 DD
D4 4F F0 39 51 FD 3B  ..J....y..O.9Q.;
Feb  6 19:10:16 vpnServer charon: 02[IKE]  976: EA 95 21 EC E4 B2 87 36 11
A6 47 98 00 A6 99 33  ..!....6..G....3
Feb  6 19:10:16 vpnServer charon: 02[IKE]  992: 9F 29 93 B9 82 73 77 BF 4D
C0 72 B9 1C 36 4B BD  .)...sw.M.r..6K.
Feb  6 19:10:16 vpnServer charon: 02[IKE] 1008: 42 E2 A1 A3 E0 EE AF A4 89
2D 38 E4              B........-8.
Feb  6 19:10:16 vpnServer charon: 02[IKE] secret => 10 bytes @
0x7f7986089770
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: 34 6D 38 4C 4B 52 46 32 31
55                    REMOVED_PASSWORD
Feb  6 19:10:16 vpnServer charon: 02[IKE] prf(secret, keypad) => 20 bytes @
0x7f79600045f0
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: B8 F6 A4 52 DF BC B7 0D A8
08 F7 DE C6 02 75 60  ...R..........u`
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: 5F A2 7B
0D                                      _.{.
Feb  6 19:10:16 vpnServer charon: 02[IKE] AUTH = prf(prf(secret, keypad),
octets) => 20 bytes @ 0x7f7960004610
Feb  6 19:10:16 vpnServer charon: 02[IKE]    0: D1 AA 46 1F 9A 8F 86 DE 0F
08 05 6E 79 EB 31 EB  ..F........ny.1.
Feb  6 19:10:16 vpnServer charon: 02[IKE]   16: BF 3F 83
50                                      .?.P
Feb  6 19:10:16 vpnServer charon: 02[IKE] successfully created shared key
MAC
Feb  6 19:10:16 vpnServer charon: 02[IKE] establishing CHILD_SA intel
Feb  6 19:10:16 vpnServer charon: 02[CFG] proposing traffic selectors for
us:
Feb  6 19:10:16 vpnServer charon: 02[CFG]  192.168.1.238/32
Feb  6 19:10:16 vpnServer charon: 02[CFG] proposing traffic selectors for
other:
Feb  6 19:10:16 vpnServer charon: 02[CFG]  X.X.X.X (Cisco ASA)/32
Feb  6 19:10:16 vpnServer charon: 02[CFG] configured proposals:
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Feb  6 19:10:16 vpnServer charon: 02[KNL] getting SPI for reqid {2}
Feb  6 19:10:16 vpnServer charon: 02[KNL] sending XFRM_MSG_ALLOCSPI: => 248
bytes @ 0x7f7979616750
Feb  6 19:10:16 vpnServer charon: 02[KNL]    0: F8 00 00 00 16 00 01 00 CB
00 00 00 C2 2B 00 00  .............+..
Feb  6 19:10:16 vpnServer charon: 02[KNL]   16: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]   32: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]   48: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]   64: 00 00 00 00 00 00 00 00 C0
A8 01 EE 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]   80: 00 00 00 00 00 00 00 00 00
00 00 00 32 00 00 00  ............2...
Feb  6 19:10:16 vpnServer charon: 02[KNL]   96: D5 4A C1 4C 00 00 00 00 00
00 00 00 00 00 00 00  .J.L............
Feb  6 19:10:16 vpnServer charon: 02[KNL]  112: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  128: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  144: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  160: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  176: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  192: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  208: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  224: 02 00 00 00 02 00 01 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 02[KNL]  240: 00 00 00 C0 FF FF FF
CF                          ........
Feb  6 19:10:16 vpnServer charon: 02[KNL] got SPI cd60c1dd for reqid {2}
Feb  6 19:10:16 vpnServer charon: 02[ENC] generating IKE_AUTH request 1 [
IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR)
N(EAP_ONLY) ]
Feb  6 19:10:16 vpnServer charon: 02[NET] sending packet: from
192.168.1.238[4500] to X.X.X.X (Cisco ASA)[4500] (332 bytes)
Feb  6 19:10:16 vpnServer charon: 08[NET] received packet: from X.X.X.X
(Cisco ASA)[4500] to 192.168.1.238[4500] (68 bytes)
Feb  6 19:10:16 vpnServer charon: 08[ENC] parsed IKE_AUTH response 1 [
N(AUTH_FAILED) ]
Feb  6 19:10:16 vpnServer charon: 08[IKE] received AUTHENTICATION_FAILED
notify error
Feb  6 19:10:16 vpnServer charon: 08[KNL] deleting SAD entry with SPI
cd60c1dd  (mark 0/0x00000000)
Feb  6 19:10:16 vpnServer charon: 08[KNL] sending XFRM_MSG_DELSA: => 40
bytes @ 0x7f7976610810
Feb  6 19:10:16 vpnServer charon: 08[KNL]    0: 28 00 00 00 11 00 05 00 CC
00 00 00 C2 2B 00 00  (............+..
Feb  6 19:10:16 vpnServer charon: 08[KNL]   16: C0 A8 01 EE 00 00 00 00 00
00 00 00 00 00 00 00  ................
Feb  6 19:10:16 vpnServer charon: 08[KNL]   32: CD 60 C1 DD 02 00 32
00                          .`....2.
Feb  6 19:10:16 vpnServer charon: 08[KNL] deleted SAD entry with SPI
cd60c1dd (mark 0/0x00000000)
Feb  6 19:10:16 vpnServer charon: 08[IKE] IKE_SA intel[3] state change:
CONNECTING => DESTROYING

Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160206/38a1a4f0/attachment-0001.html>


More information about the Users mailing list