[strongSwan] [Strongswan] AUTH Failed connecting Strongswan to Cisco ASA 55xx on PSK method
Fedor Martynov
outbox at dzhoda.ru
Sat Feb 6 16:37:56 CET 2016
Hi!
I have repeatedly failed to connect to Cisco ASA with AUTH_FAILED error.
Password is one for both sides and was checked dozens of times.
version strongSwan 5.2.1
ipsec.conf:
conn intel
# left=Y.Y.Y.Y
left=192.168.1.238
# leftsubnet=/
leftfirewall=yes
# leftauth=psk
leftid=Y.Y.Y.Y
right=X.X.X.X
# rightauth=psk
# rightsubnet=/
rightid=X.X.X.X
auto=start
ike=3des-sha1-modp1024
esp=3des-sha1
keyexchange=ikev2
dpdaction=restart
dpddelay=30s
forceencaps=yes
type=tunnel
authby=secret
ipsec.secrets:
Y.Y.Y.Y X.X.X.X : PSK "REMOVED_PASSWORD"
X.X.X.X : PSK "REMOVED_PASSWORD"
#X.X.X.X Y.Y.Y.Y : PSK "REMOVED_PASSWORD"
connection log:
Feb 6 19:10:15 vpnServer charon: 10[CFG] received stroke: initiate 'intel'
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_VENDOR task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_INIT task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_NATD task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_CERT_PRE task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_AUTH task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_CERT_POST task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_CONFIG task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_AUTH_LIFETIME task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_MOBIKE task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing IKE_ME task
Feb 6 19:10:15 vpnServer charon: 06[IKE] queueing CHILD_CREATE task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating new tasks
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_VENDOR task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_INIT task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_NATD task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_CERT_PRE task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_ME task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_AUTH task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_CERT_POST task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_CONFIG task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating CHILD_CREATE task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_AUTH_LIFETIME
task
Feb 6 19:10:15 vpnServer charon: 06[IKE] activating IKE_MOBIKE task
Feb 6 19:10:15 vpnServer charon: 06[IKE] initiating IKE_SA intel[3] to
X.X.X.X (Cisco ASA)
Feb 6 19:10:15 vpnServer charon: 06[IKE] IKE_SA intel[3] state change:
CREATED => CONNECTING
Feb 6 19:10:15 vpnServer charon: 06[CFG] configured proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,
IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Feb 6 19:10:15 vpnServer charon: 06[IKE] natd_chunk => 22 bytes @
0x7f798078fea0
Feb 6 19:10:15 vpnServer charon: 06[IKE] 0: F2 3D FA D1 01 64 1B 32 00
00 00 00 00 00 00 00 .=...d.2........
Feb 6 19:10:15 vpnServer charon: 06[IKE] 16: D5 4A C1 4C 01
F4 .J.L..
Feb 6 19:10:15 vpnServer charon: 06[IKE] natd_hash => 20 bytes @
0x7f798078fec0
Feb 6 19:10:15 vpnServer charon: 06[IKE] 0: 3D 45 E5 8A 0E F1 0D F2 4E
EF 86 D8 E6 46 EE ED =E......N....F..
Feb 6 19:10:15 vpnServer charon: 06[IKE] 16: 01 2B 17
0C .+..
Feb 6 19:10:15 vpnServer charon: 06[ENC] generating IKE_SA_INIT request 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Feb 6 19:10:15 vpnServer charon: 06[NET] sending packet: from
192.168.1.238[500] to X.X.X.X (Cisco ASA)[500] (936 bytes)
Feb 6 19:10:16 vpnServer charon: 02[NET] received packet: from X.X.X.X
(Cisco ASA)[500] to 192.168.1.238[500] (453 bytes)
Feb 6 19:10:16 vpnServer charon: 02[ENC] parsed IKE_SA_INIT response 0 [
SA KE No V V V N(NATD_S_IP) N(NATD_D_IP) V ]
Feb 6 19:10:16 vpnServer charon: 02[IKE] received Cisco Delete Reason
vendor ID
Feb 6 19:10:16 vpnServer charon: 02[IKE] received Cisco Copyright (c) 2009
vendor ID
Feb 6 19:10:16 vpnServer charon: 02[ENC] received unknown vendor ID:
43:49:53:43:4f:2d:47:52:45:2d:4d:4f:44:45:02
Feb 6 19:10:16 vpnServer charon: 02[IKE] received FRAGMENTATION vendor ID
Feb 6 19:10:16 vpnServer charon: 02[CFG] selecting proposal:
Feb 6 19:10:16 vpnServer charon: 02[CFG] proposal matches
Feb 6 19:10:16 vpnServer charon: 02[CFG] received proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 6 19:10:16 vpnServer charon: 02[CFG] configured proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,
IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Feb 6 19:10:16 vpnServer charon: 02[CFG] selected proposal:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Feb 6 19:10:16 vpnServer charon: 02[IKE] shared Diffie Hellman secret =>
128 bytes @ 0x7f7960003930
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: A1 80 8E FF 97 2B 44 1E 3E
F0 CA 25 8A D5 95 F8 .....+D.>..%....
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 96 4F 15 9C 7F 26 33 3E 97
D7 5A 92 33 63 C5 5E .O...&3>..Z.3c.^
Feb 6 19:10:16 vpnServer charon: 02[IKE] 32: 7F F9 6D 94 23 F4 D8 72 59
03 71 D1 85 BC D1 13 ..m.#..rY.q.....
Feb 6 19:10:16 vpnServer charon: 02[IKE] 48: 10 14 01 8B 18 C1 47 3F E5
7A 47 35 24 A1 E6 CE ......G?.zG5$...
Feb 6 19:10:16 vpnServer charon: 02[IKE] 64: 1E 02 7A C4 03 80 00 74 3F
4D 0E EA C4 4C 03 C9 ..z....t?M...L..
Feb 6 19:10:16 vpnServer charon: 02[IKE] 80: A5 EB 78 52 E7 E3 6E 62 F2
83 12 AA 40 C8 98 49 ..xR..nb.... at ..I
Feb 6 19:10:16 vpnServer charon: 02[IKE] 96: 23 49 4E A0 0B D9 EA 44 B9
11 56 24 EE 59 A8 82 #IN....D..V$.Y..
Feb 6 19:10:16 vpnServer charon: 02[IKE] 112: 23 DA 36 A9 A5 DA 4D FC CE
49 5D F8 A0 13 AA 18 #.6...M..I].....
Feb 6 19:10:16 vpnServer charon: 02[IKE] SKEYSEED => 20 bytes @
0x7f7960003d80
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 74 95 B4 D3 87 77 7C AD 5D
EF 45 07 9D 3E 61 C8 t....w|.].E..>a.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 91 F2 47
F9 ..G.
Feb 6 19:10:16 vpnServer charon: 02[IKE] Sk_d secret => 20 bytes @
0x7f7960003d80
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 8B F0 47 46 90 A6 10 07 8D
9D 27 EC 18 E0 DF 22 ..GF......'...."
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 11 AF F9
42 ...B
Feb 6 19:10:16 vpnServer charon: 02[IKE] Sk_ai secret => 20 bytes @
0x7f79600043b0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: CD 29 BB 57 92 24 92 A2 EF
0E A3 75 E5 C5 BA FC .).W.$.....u....
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 58 26 0A
46 X&.F
Feb 6 19:10:16 vpnServer charon: 02[IKE] Sk_ar secret => 20 bytes @
0x7f79600043b0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 96 9E 3E F0 AA 90 F5 CD 1D
FA F0 51 DD D3 D7 EE ..>........Q....
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: DF 8C 8E
05 ....
Feb 6 19:10:16 vpnServer charon: 02[IKE] Sk_ei secret => 24 bytes @
0x7f79600043b0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 2F 71 E5 5F E2 A8 8D 98 8D
B1 AD 85 56 1C 5C A3 /q._........V.\.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: E9 E0 A9 D5 6D A5 94
FE ....m...
Feb 6 19:10:16 vpnServer charon: 02[IKE] Sk_er secret => 24 bytes @
0x7f79600043b0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: EE 76 40 0F 48 DC 33 44 57
6C 21 54 23 E1 52 3C .v at .H.3DWl!T#.R<
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: ED 91 F6 0A 53 01 99
9A ....S...
Feb 6 19:10:16 vpnServer charon: 02[IKE] Sk_pi secret => 20 bytes @
0x7f79600043b0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: DD C8 D0 94 73 E0 9E A0 2F
49 D3 78 F3 F6 71 54 ....s.../I.x..qT
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: EC B9 29
9F ..).
Feb 6 19:10:16 vpnServer charon: 02[IKE] Sk_pr secret => 20 bytes @
0x7f79600044a0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 3A 3B AC 82 F5 5B 86 4E D5
79 2C BB 3F 07 F6 29 :;...[.N.y,.?..)
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 75 1B A6
0C u...
Feb 6 19:10:16 vpnServer charon: 02[IKE] natd_chunk => 22 bytes @
0x7f7960003640
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: F2 3D FA D1 01 64 1B 32 6C
93 51 85 FF 5E CD 2B .=...d.2l.Q..^.+
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: C0 A8 01 EE 01
F4 ......
Feb 6 19:10:16 vpnServer charon: 02[IKE] natd_hash => 20 bytes @
0x7f7960003e20
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: DC 37 AA 5C 58 2A 8F D1 44
CA BF F9 ED 4B 74 98 .7.\X*..D....Kt.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 8B B2 98
D8 ....
Feb 6 19:10:16 vpnServer charon: 02[IKE] natd_chunk => 22 bytes @
0x7f7960003640
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: F2 3D FA D1 01 64 1B 32 6C
93 51 85 FF 5E CD 2B .=...d.2l.Q..^.+
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: D5 4A C1 4C 01
F4 .J.L..
Feb 6 19:10:16 vpnServer charon: 02[IKE] natd_hash => 20 bytes @
0x7f7960003900
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 6D C9 D7 66 40 1B 4D 33 43
03 3E F4 51 AC A6 8E m..f at .M3C.>.Q...
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: F4 53 C0
C9 .S..
Feb 6 19:10:16 vpnServer charon: 02[IKE] precalculated src_hash => 20
bytes @ 0x7f7960003900
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 6D C9 D7 66 40 1B 4D 33 43
03 3E F4 51 AC A6 8E m..f at .M3C.>.Q...
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: F4 53 C0
C9 .S..
Feb 6 19:10:16 vpnServer charon: 02[IKE] precalculated dst_hash => 20
bytes @ 0x7f7960003e20
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: DC 37 AA 5C 58 2A 8F D1 44
CA BF F9 ED 4B 74 98 .7.\X*..D....Kt.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 8B B2 98
D8 ....
Feb 6 19:10:16 vpnServer charon: 02[IKE] received src_hash => 20 bytes @
0x7f79600032d0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 6D C9 D7 66 40 1B 4D 33 43
03 3E F4 51 AC A6 8E m..f at .M3C.>.Q...
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: F4 53 C0
C9 .S..
Feb 6 19:10:16 vpnServer charon: 02[IKE] received dst_hash => 20 bytes @
0x7f79600033f0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 5A 10 AA 18 1E 69 43 49 DC
ED 4F 97 91 92 EC D4 Z....iCI..O.....
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: B9 9D 48
BD ..H.
Feb 6 19:10:16 vpnServer charon: 02[IKE] local host is behind NAT, sending
keep alives
Feb 6 19:10:16 vpnServer charon: 02[IKE] reinitiating already active tasks
Feb 6 19:10:16 vpnServer charon: 02[IKE] IKE_CERT_PRE task
Feb 6 19:10:16 vpnServer charon: 02[IKE] IKE_AUTH task
Feb 6 19:10:16 vpnServer charon: 02[IKE] authentication of 'Y.Y.Y.Y
(Strongswan)' (myself) with pre-shared key
Feb 6 19:10:16 vpnServer charon: 02[IKE] IDx' => 8 bytes @ 0x7f7979616a70
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 01 00 00 00 5D B8 E7
72 ....]..r
Feb 6 19:10:16 vpnServer charon: 02[IKE] SK_p => 20 bytes @ 0x7f79600043b0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: DD C8 D0 94 73 E0 9E A0 2F
49 D3 78 F3 F6 71 54 ....s.../I.x..qT
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: EC B9 29
9F ..).
Feb 6 19:10:16 vpnServer charon: 02[IKE] octets = message + nonce +
prf(Sk_px, IDx') => 1020 bytes @ 0x7f7960005420
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: F2 3D FA D1 01 64 1B 32 00
00 00 00 00 00 00 00 .=...d.2........
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 21 20 22 08 00 00 00 00 00
00 03 A8 22 00 02 A8 ! "........."...
Feb 6 19:10:16 vpnServer charon: 02[IKE] 32: 02 00 00 28 01 01 00 04 03
00 00 08 01 00 00 03 ...(............
Feb 6 19:10:16 vpnServer charon: 02[IKE] 48: 03 00 00 08 03 00 00 02 03
00 00 08 02 00 00 02 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 64: 00 00 00 08 04 00 00 02 02
00 01 48 02 01 00 25 ...........H...%
Feb 6 19:10:16 vpnServer charon: 02[IKE] 80: 03 00 00 0C 01 00 00 0C 80
0E 00 80 03 00 00 0C ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 96: 01 00 00 0C 80 0E 00 C0 03
00 00 0C 01 00 00 0C ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 112: 80 0E 01 00 03 00 00 08 01
00 00 03 03 00 00 0C ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 128: 01 00 00 17 80 0E 00 80 03
00 00 0C 01 00 00 17 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 144: 80 0E 00 C0 03 00 00 0C 01
00 00 17 80 0E 01 00 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 160: 03 00 00 08 03 00 00 01 03
00 00 08 03 00 00 02 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 176: 03 00 00 08 03 00 00 0C 03
00 00 08 03 00 00 0D ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 192: 03 00 00 08 03 00 00 0E 03
00 00 08 03 00 00 05 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 208: 03 00 00 08 02 00 00 01 03
00 00 08 02 00 00 02 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 224: 03 00 00 08 02 00 00 05 03
00 00 08 02 00 00 06 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 240: 03 00 00 08 02 00 00 07 03
00 00 08 02 00 00 04 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 256: 03 00 00 08 04 00 00 0E 03
00 00 08 04 00 00 17 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 272: 03 00 00 08 04 00 00 18 03
00 00 08 04 00 00 05 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 288: 03 00 00 08 04 00 00 0F 03
00 00 08 04 00 00 10 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 304: 03 00 00 08 04 00 00 12 03
00 00 08 04 00 00 02 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 320: 03 00 00 08 04 00 00 16 03
00 00 08 04 00 00 13 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 336: 03 00 00 08 04 00 00 14 03
00 00 08 04 00 00 15 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 352: 03 00 00 08 04 00 00 1A 03
00 00 08 04 00 00 19 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 368: 03 00 00 08 04 00 00 1B 03
00 00 08 04 00 00 1C ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 384: 03 00 00 08 04 00 00 1D 00
00 00 08 04 00 00 1E ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 400: 00 00 01 34 03 01 00 21 03
00 00 0C 01 00 00 12 ...4...!........
Feb 6 19:10:16 vpnServer charon: 02[IKE] 416: 80 0E 00 80 03 00 00 0C 01
00 00 12 80 0E 00 C0 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 432: 03 00 00 0C 01 00 00 12 80
0E 01 00 03 00 00 0C ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 448: 01 00 00 13 80 0E 00 80 03
00 00 0C 01 00 00 13 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 464: 80 0E 00 C0 03 00 00 0C 01
00 00 13 80 0E 01 00 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 480: 03 00 00 0C 01 00 00 14 80
0E 00 80 03 00 00 0C ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 496: 01 00 00 14 80 0E 00 C0 03
00 00 0C 01 00 00 14 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 512: 80 0E 01 00 03 00 00 08 02
00 00 01 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 528: 02 00 00 02 03 00 00 08 02
00 00 05 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 544: 02 00 00 06 03 00 00 08 02
00 00 07 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 560: 02 00 00 04 03 00 00 08 04
00 00 0E 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 576: 04 00 00 17 03 00 00 08 04
00 00 18 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 592: 04 00 00 05 03 00 00 08 04
00 00 0F 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 608: 04 00 00 10 03 00 00 08 04
00 00 12 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 624: 04 00 00 02 03 00 00 08 04
00 00 16 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 640: 04 00 00 13 03 00 00 08 04
00 00 14 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 656: 04 00 00 15 03 00 00 08 04
00 00 1A 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 672: 04 00 00 19 03 00 00 08 04
00 00 1B 03 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 688: 04 00 00 1C 03 00 00 08 04
00 00 1D 00 00 00 08 ................
Feb 6 19:10:16 vpnServer charon: 02[IKE] 704: 04 00 00 1E 28 00 00 88 00
02 00 00 ED 20 05 F3 ....(........ ..
Feb 6 19:10:16 vpnServer charon: 02[IKE] 720: 76 97 8F CE E0 9D B2 F0 38
15 2B F3 EB 20 60 87 v.......8.+.. `.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 736: 02 6E 2A 05 55 99 7B D9 53
E9 5C 21 91 E0 4F 0D .n*.U.{.S.\!..O.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 752: 7F 96 13 5E 85 AD A9 CA 9D
8D A0 75 E3 43 10 5A ...^.......u.C.Z
Feb 6 19:10:16 vpnServer charon: 02[IKE] 768: AE AF C1 CF 37 65 C5 90 33
3C F4 C7 F3 31 81 87 ....7e..3<...1..
Feb 6 19:10:16 vpnServer charon: 02[IKE] 784: D5 50 7D 7D DD 78 FA 2C 5A
E2 45 E3 55 5C 54 55 .P}}.x.,Z.E.U\TU
Feb 6 19:10:16 vpnServer charon: 02[IKE] 800: 0B 91 60 42 9F D7 C4 9A DA
FA 63 92 4E 63 7A 10 ..`B......c.Ncz.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 816: DE 28 68 BC 01 48 0E 57 C2
B1 C2 76 91 16 4F 8B .(h..H.W...v..O.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 832: EE 2F 96 0D 1F 62 B3 84 E8
91 DE 18 29 00 00 24 ./...b......)..$
Feb 6 19:10:16 vpnServer charon: 02[IKE] 848: 79 DB D8 D0 7E 2F AA 90 90
B7 A8 54 31 7D 0B 30 y...~/.....T1}.0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 864: A0 C3 73 2C CD 65 8C E5 48
83 EA B6 A2 70 98 68 ..s,.e..H....p.h
Feb 6 19:10:16 vpnServer charon: 02[IKE] 880: 29 00 00 1C 00 00 40 04 C8
0C 9E A3 17 FD 21 42 )..... at .......!B
Feb 6 19:10:16 vpnServer charon: 02[IKE] 896: A7 7C DE A0 50 9F BD 32 CC
56 8C 7C 00 00 00 1C .|..P..2.V.|....
Feb 6 19:10:16 vpnServer charon: 02[IKE] 912: 00 00 40 05 3D 45 E5 8A 0E
F1 0D F2 4E EF 86 D8 .. at .=E......N...
Feb 6 19:10:16 vpnServer charon: 02[IKE] 928: E6 46 EE ED 01 2B 17 0C 8A
CA 01 25 85 59 AA FA .F...+.....%.Y..
Feb 6 19:10:16 vpnServer charon: 02[IKE] 944: ED B6 31 14 3E A2 56 68 CC
6A 69 59 C8 02 80 3A ..1.>.Vh.jiY...:
Feb 6 19:10:16 vpnServer charon: 02[IKE] 960: A7 D1 4A 04 08 AB 01 79 DD
D4 4F F0 39 51 FD 3B ..J....y..O.9Q.;
Feb 6 19:10:16 vpnServer charon: 02[IKE] 976: EA 95 21 EC E4 B2 87 36 11
A6 47 98 00 A6 99 33 ..!....6..G....3
Feb 6 19:10:16 vpnServer charon: 02[IKE] 992: 9F 29 93 B9 82 73 77 BF 4D
C0 72 B9 1C 36 4B BD .)...sw.M.r..6K.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 1008: 42 E2 A1 A3 E0 EE AF A4 89
2D 38 E4 B........-8.
Feb 6 19:10:16 vpnServer charon: 02[IKE] secret => 10 bytes @
0x7f7986089770
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: 34 6D 38 4C 4B 52 46 32 31
55 REMOVED_PASSWORD
Feb 6 19:10:16 vpnServer charon: 02[IKE] prf(secret, keypad) => 20 bytes @
0x7f79600045f0
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: B8 F6 A4 52 DF BC B7 0D A8
08 F7 DE C6 02 75 60 ...R..........u`
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: 5F A2 7B
0D _.{.
Feb 6 19:10:16 vpnServer charon: 02[IKE] AUTH = prf(prf(secret, keypad),
octets) => 20 bytes @ 0x7f7960004610
Feb 6 19:10:16 vpnServer charon: 02[IKE] 0: D1 AA 46 1F 9A 8F 86 DE 0F
08 05 6E 79 EB 31 EB ..F........ny.1.
Feb 6 19:10:16 vpnServer charon: 02[IKE] 16: BF 3F 83
50 .?.P
Feb 6 19:10:16 vpnServer charon: 02[IKE] successfully created shared key
MAC
Feb 6 19:10:16 vpnServer charon: 02[IKE] establishing CHILD_SA intel
Feb 6 19:10:16 vpnServer charon: 02[CFG] proposing traffic selectors for
us:
Feb 6 19:10:16 vpnServer charon: 02[CFG] 192.168.1.238/32
Feb 6 19:10:16 vpnServer charon: 02[CFG] proposing traffic selectors for
other:
Feb 6 19:10:16 vpnServer charon: 02[CFG] X.X.X.X (Cisco ASA)/32
Feb 6 19:10:16 vpnServer charon: 02[CFG] configured proposals:
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
Feb 6 19:10:16 vpnServer charon: 02[KNL] getting SPI for reqid {2}
Feb 6 19:10:16 vpnServer charon: 02[KNL] sending XFRM_MSG_ALLOCSPI: => 248
bytes @ 0x7f7979616750
Feb 6 19:10:16 vpnServer charon: 02[KNL] 0: F8 00 00 00 16 00 01 00 CB
00 00 00 C2 2B 00 00 .............+..
Feb 6 19:10:16 vpnServer charon: 02[KNL] 16: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 32: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 48: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 64: 00 00 00 00 00 00 00 00 C0
A8 01 EE 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 80: 00 00 00 00 00 00 00 00 00
00 00 00 32 00 00 00 ............2...
Feb 6 19:10:16 vpnServer charon: 02[KNL] 96: D5 4A C1 4C 00 00 00 00 00
00 00 00 00 00 00 00 .J.L............
Feb 6 19:10:16 vpnServer charon: 02[KNL] 112: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 128: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 144: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 160: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 176: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 192: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 208: 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 224: 02 00 00 00 02 00 01 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 02[KNL] 240: 00 00 00 C0 FF FF FF
CF ........
Feb 6 19:10:16 vpnServer charon: 02[KNL] got SPI cd60c1dd for reqid {2}
Feb 6 19:10:16 vpnServer charon: 02[ENC] generating IKE_AUTH request 1 [
IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR)
N(EAP_ONLY) ]
Feb 6 19:10:16 vpnServer charon: 02[NET] sending packet: from
192.168.1.238[4500] to X.X.X.X (Cisco ASA)[4500] (332 bytes)
Feb 6 19:10:16 vpnServer charon: 08[NET] received packet: from X.X.X.X
(Cisco ASA)[4500] to 192.168.1.238[4500] (68 bytes)
Feb 6 19:10:16 vpnServer charon: 08[ENC] parsed IKE_AUTH response 1 [
N(AUTH_FAILED) ]
Feb 6 19:10:16 vpnServer charon: 08[IKE] received AUTHENTICATION_FAILED
notify error
Feb 6 19:10:16 vpnServer charon: 08[KNL] deleting SAD entry with SPI
cd60c1dd (mark 0/0x00000000)
Feb 6 19:10:16 vpnServer charon: 08[KNL] sending XFRM_MSG_DELSA: => 40
bytes @ 0x7f7976610810
Feb 6 19:10:16 vpnServer charon: 08[KNL] 0: 28 00 00 00 11 00 05 00 CC
00 00 00 C2 2B 00 00 (............+..
Feb 6 19:10:16 vpnServer charon: 08[KNL] 16: C0 A8 01 EE 00 00 00 00 00
00 00 00 00 00 00 00 ................
Feb 6 19:10:16 vpnServer charon: 08[KNL] 32: CD 60 C1 DD 02 00 32
00 .`....2.
Feb 6 19:10:16 vpnServer charon: 08[KNL] deleted SAD entry with SPI
cd60c1dd (mark 0/0x00000000)
Feb 6 19:10:16 vpnServer charon: 08[IKE] IKE_SA intel[3] state change:
CONNECTING => DESTROYING
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160206/38a1a4f0/attachment-0001.html>
More information about the Users
mailing list