[strongSwan] MacOS: IKEv1 fails after wakeup
Harald Dunkel
harald.dunkel at aixigo.de
Fri Mar 11 08:35:58 CET 2016
Hi Tobias,
I am still struggling with this. The messages with "no
response to retransmit" are still there :-(.
On 03/10/2016 09:31 AM, Tobias Brunner wrote:
>
>> dpddelay = 30s
>
> This together with dpdtimeout (which defaults to 150s) is probably too
> low. The Mac OS X client apparently expects some state to still be
> available when it reconnects after waking up (maybe it does not expect
> the server to use DPD and remove its state at all). Since the client
> doesn't do a Mode Config exchange when reconnecting (this looks the same
> when Mac OS X clients reauthenticate) this only works if the server
> still has the the previous IKE_SA available (including the previously
> assigned virtual IP), which allows it to detect this new connection as
> reauthentication and migrate the virtual IP to the new SA.
If I got you correctly, then dpdtimeout affects the lifetime
of the IKE_SA. Using "dpdaction = clear" the IKE_SA is dropped
150s (by default) after the last notification package was
received. Is this correct?
> Since that's
> not the case here you'll end up with the following error:
>
>> Mar 7 07:37:47 srvl047 charon: 15[CFG] looking for a child config for 172.19.96.0/19 === 172.19.97.68/32
>> Mar 7 07:37:47 srvl047 charon: 15[CFG] proposing traffic selectors for us:
>> Mar 7 07:37:47 srvl047 charon: 15[CFG] 172.19.96.0/19
>> Mar 7 07:37:47 srvl047 charon: 15[CFG] proposing traffic selectors for other:
>> Mar 7 07:37:47 srvl047 charon: 15[CFG] dynamic
>> Mar 7 07:37:47 srvl047 charon: 15[IKE] no matching CHILD_SA config found
>
> As you can see the client proposes its previous virtual IP
> 172.19.97.68/32 as local traffic selector, but because the server has no
> knowledge about that VIP it can't replace the dynamic traffic selector
> in its own configuration and there is no match.
>
Apparently the peers reach a dead point in the protocol,
until the Mac gives up and deletes the IKE_SA:
:
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 charon: 11[MGR] checkout IKE_SA
Mar 11 07:27:24 srvl047 charon: 11[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 charon: 11[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 charon: 11[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 charon: 07[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 charon: 07[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 charon: 07[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (92 bytes)
Mar 11 07:27:24 srvl047 charon: 07[ENC] parsed INFORMATIONAL_V1 request 3393291886 [ HASH D ]
Mar 11 07:27:24 srvl047 charon: 07[IKE] Hash => 20 bytes @ 0x7f0300003770
Mar 11 07:27:24 srvl047 charon: 07[IKE] 0: 54 9D 83 95 4D 52 F5 4F 31 C9 5B 9E 58 18 22 62 T...MR.O1.[.X."b
Mar 11 07:27:24 srvl047 charon: 07[IKE] 16: 43 CF 51 63 C.Qc
Mar 11 07:27:24 srvl047 charon: 07[IKE] received DELETE for IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 charon: 07[IKE] deleting IKE_SA CiscoIPSec[65] between 10.0.0.17[gate1.example.com]...10.0.0.13[C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com]
Mar 11 07:27:24 srvl047 charon: 07[IKE] IKE_SA CiscoIPSec[65] state change: ESTABLISHED => DELETING
Mar 11 07:27:24 srvl047 charon: 07[IKE] IKE_SA CiscoIPSec[65] state change: DELETING => DELETING
Mar 11 07:27:24 srvl047 charon: 07[MGR] checkin and destroy IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 charon: 07[IKE] IKE_SA CiscoIPSec[65] state change: DELETING => DESTROYING
Mar 11 07:27:24 srvl047 charon: 07[MGR] check-in and destroy of IKE_SA successful
How comes that destroying the IKE_SA works, even though strongswan
on the left side has lost the IKE_SA (following your description)?
It appears to me that the IKE_SA was still available. ???
Attached you can find the current configuration and a new
sample session.
Every helpful comment is highly appreciated
Harri
-------------- next part --------------
config setup
charondebug="dmn 2, mgr 2, ike 3, chd 2, cfg 3, net 2"
conn %default
left = gate1.example.com
leftcert = gate1.example.com.pem
leftsendcert = always
leftsubnet = 172.19.96.0/19
leftfirewall = yes
ikelifetime = 3h
lifetime = 1h
rekey = yes
dpdaction = clear
dpdtimeout = 500s
dpddelay = 100s
#
# IKEv2 using RSA authentication
conn IPSec-IKEv2
keyexchange = ikev2
ike = aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024!
esp = aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,aes256-sha256,aes256-sha1,aes128-sha1!
right = %any
rightauth = pubkey
rightsendcert = ifasked
rightsourceip = %dhcp
# fragmentation = yes
auto = add
#
# IKEv1 using xauth
conn CiscoIPSec
keyexchange = ikev1
ike = aes256-sha1-modp1536!
esp = aes256-sha1!
rightauth = pubkey
right = %any
rightsourceip = %dhcp
rightauth2 = xauth
auto = add
-------------- next part --------------
Mar 11 07:26:15 srvl047 charon: 09[MGR] IKE_SA CiscoIPSec[61] successfully checked out
Mar 11 07:26:15 srvl047 charon: 09[MGR] checkin IKE_SA CiscoIPSec[61]
Mar 11 07:26:15 srvl047 charon: 09[MGR] check-in of IKE_SA successful.
Mar 11 07:26:47 srvl047 charon: 27[MGR] checkout IKE_SA
Mar 11 07:26:47 srvl047 charon: 27[MGR] IKE_SA CiscoIPSec[64] successfully checked out
Mar 11 07:26:47 srvl047 charon: 27[MGR] checkin IKE_SA CiscoIPSec[64]
Mar 11 07:26:47 srvl047 charon: 27[MGR] check-in of IKE_SA successful.
Mar 11 07:26:49 srvl047 charon: 25[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 charon: 02[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500]
Mar 11 07:26:54 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:26:54 srvl047 charon: 12[MGR] checkout IKE_SA by message
Mar 11 07:26:54 srvl047 charon: 12[MGR] created IKE_SA (unnamed)[65]
Mar 11 07:26:54 srvl047 charon: 12[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500] (668 bytes)
Mar 11 07:26:54 srvl047 charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
Mar 11 07:26:54 srvl047 charon: 12[CFG] looking for an ike config for 10.0.0.17...10.0.0.13
Mar 11 07:26:54 srvl047 charon: 12[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 12[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 12[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 12[CFG] candidate: gate1.example.com...%any, prio 1052
Mar 11 07:26:54 srvl047 charon: 12[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 12[CFG] candidate: gate1.example.com...%any, prio 1052
Mar 11 07:26:54 srvl047 charon: 12[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 12[CFG] found matching ike config: gate1.example.com...%any with prio 1052
Mar 11 07:26:54 srvl047 charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received XAuth vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received Cisco Unity vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received FRAGMENTATION vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] received DPD vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] 10.0.0.13 is initiating a Main Mode IKE_SA
Mar 11 07:26:54 srvl047 charon: 12[IKE] IKE_SA (unnamed)[65] state change: CREATED => CONNECTING
Mar 11 07:26:54 srvl047 charon: 12[CFG] selecting proposal:
Mar 11 07:26:54 srvl047 charon: 12[CFG] proposal matches
Mar 11 07:26:54 srvl047 charon: 12[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Mar 11 07:26:54 srvl047 charon: 12[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Mar 11 07:26:54 srvl047 charon: 12[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Mar 11 07:26:54 srvl047 charon: 12[IKE] sending strongSwan vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] sending XAuth vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] sending DPD vendor ID
Mar 11 07:26:54 srvl047 charon: 12[IKE] sending NAT-T (RFC 3947) vendor ID
Mar 11 07:26:54 srvl047 charon: 12[ENC] generating ID_PROT response 0 [ SA V V V V ]
Mar 11 07:26:54 srvl047 charon: 12[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156] (156 bytes)
Mar 11 07:26:54 srvl047 charon: 12[MGR] checkin IKE_SA (unnamed)[65]
Mar 11 07:26:54 srvl047 charon: 03[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156]
Mar 11 07:26:54 srvl047 charon: 12[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 432: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 448: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 464: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 496: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 512: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 528: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 544: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 576: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 592: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 608: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 624: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 640: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 656: 00 00 ..
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for us:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 172.19.96.0/19
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for other:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] dynamic
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for us:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 172.19.96.0/19
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for other:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] dynamic
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for us:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 172.19.96.0/19
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for other:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] dynamic
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for us:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 172.19.96.0/19
Mar 11 07:26:54 srvl047 charon: 02[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500]
Mar 11 07:26:54 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:26:54 srvl047 charon: 15[MGR] checkout IKE_SA by message
Mar 11 07:26:54 srvl047 charon: 15[MGR] IKE_SA (unnamed)[65] successfully checked out
Mar 11 07:26:54 srvl047 charon: 15[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500] (292 bytes)
Mar 11 07:26:54 srvl047 charon: 15[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for other:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] dynamic
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for us:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 172.19.96.0/22
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] proposing traffic selectors for other:
Mar 11 07:26:54 srvl047 ipsec[11514]: 22[CFG] 172.23.15.0/24
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[MGR] IKE_SA CiscoIPSec[64] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[MGR] checkin IKE_SA CiscoIPSec[64]
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 18[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 18[MGR] IKE_SA CiscoIPSec[63] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 18[MGR] checkin IKE_SA CiscoIPSec[63]
Mar 11 07:26:54 srvl047 ipsec[11514]: 18[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 29[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 29[MGR] IKE_SA CiscoIPSec[61] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 29[MGR] checkin IKE_SA CiscoIPSec[61]
Mar 11 07:26:54 srvl047 ipsec[11514]: 29[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 23[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 23[MGR] IKE_SA CiscoIPSec[64] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 23[MGR] checkin IKE_SA CiscoIPSec[64]
Mar 11 07:26:54 srvl047 ipsec[11514]: 23[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 20[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 20[MGR] IKE_SA CiscoIPSec[63] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 20[MGR] checkin IKE_SA CiscoIPSec[63]
Mar 11 07:26:54 srvl047 ipsec[11514]: 20[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 09[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 09[MGR] IKE_SA CiscoIPSec[61] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 09[MGR] checkin IKE_SA CiscoIPSec[61]
Mar 11 07:26:54 srvl047 ipsec[11514]: 09[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 27[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 27[MGR] IKE_SA CiscoIPSec[64] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 27[MGR] checkin IKE_SA CiscoIPSec[64]
Mar 11 07:26:54 srvl047 ipsec[11514]: 27[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 25[MGR] checkout IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500]
Mar 11 07:26:54 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[MGR] checkout IKE_SA by message
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[MGR] created IKE_SA (unnamed)[65]
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500] (668 bytes)
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V V V ]
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] looking for an ike config for 10.0.0.17...10.0.0.13
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb70
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 05 91 8E 11 01 F4 ......
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc0020b0
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb70
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 05 91 8E 0D F6 B4 ......
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc002080
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 8D 42 AF 0B 6E 5B 77 B3 34 58 6B 05 E6 9C EC 2D .B..n[w.4Xk....-
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 4F B1 96 2D O..-
Mar 11 07:26:54 srvl047 charon: 15[IKE] precalculated src_hash => 20 bytes @ 0x7f02dc002080
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 8D 42 AF 0B 6E 5B 77 B3 34 58 6B 05 E6 9C EC 2D .B..n[w.4Xk....-
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 4F B1 96 2D O..-
Mar 11 07:26:54 srvl047 charon: 15[IKE] precalculated dst_hash => 20 bytes @ 0x7f02dc0020b0
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 charon: 15[IKE] received dst_hash => 20 bytes @ 0x7f02dc001f30
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 charon: 15[IKE] received src_hash => 20 bytes @ 0x7f02dc002020
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 8E 9A 7B 4F 48 85 AC 1C C3 27 7A A7 34 CA 2E 3E ..{OH....'z.4..>
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 8D 72 B9 9D .r..
Mar 11 07:26:54 srvl047 charon: 15[IKE] remote host is behind NAT
Mar 11 07:26:54 srvl047 charon: 15[IKE] sending cert request for "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:54 srvl047 charon: 15[IKE] sending cert request for "C=DE, ST=NRW, L=Aachen, O=example AG, OU=TI, CN=IPsec_ca, E=security at example.com"
Mar 11 07:26:54 srvl047 charon: 15[IKE] sending cert request for "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb90
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 05 91 8E 0D F6 B4 ......
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc001020
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 8D 42 AF 0B 6E 5B 77 B3 34 58 6B 05 E6 9C EC 2D .B..n[w.4Xk....-
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 4F B1 96 2D O..-
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb90
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: 05 91 8E 11 01 F4 ......
Mar 11 07:26:54 srvl047 charon: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc003190
Mar 11 07:26:54 srvl047 charon: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 charon: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 charon: 15[ENC] generating ID_PROT response 0 [ KE No CERTREQ CERTREQ CERTREQ NAT-D NAT-D ]
Mar 11 07:26:54 srvl047 charon: 15[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156] (653 bytes)
Mar 11 07:26:54 srvl047 charon: 15[MGR] checkin IKE_SA (unnamed)[65]
Mar 11 07:26:54 srvl047 charon: 03[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156]
Mar 11 07:26:54 srvl047 charon: 15[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] candidate: gate1.example.com...%any, prio 1052
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] candidate: gate1.example.com...%any, prio 1052
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] found matching ike config: gate1.example.com...%any with prio 1052
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received NAT-T (RFC 3947) vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received XAuth vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received Cisco Unity vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received FRAGMENTATION vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] received DPD vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] 10.0.0.13 is initiating a Main Mode IKE_SA
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] IKE_SA (unnamed)[65] state change: CREATED => CONNECTING
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] selecting proposal:
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] proposal matches
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] sending strongSwan vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] sending XAuth vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] sending DPD vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[IKE] sending NAT-T (RFC 3947) vendor ID
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[ENC] generating ID_PROT response 0 [ SA V V V V ]
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156] (156 bytes)
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[MGR] checkin IKE_SA (unnamed)[65]
Mar 11 07:26:54 srvl047 ipsec[11514]: 03[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156]
Mar 11 07:26:54 srvl047 ipsec[11514]: 12[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500]
Mar 11 07:26:54 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[MGR] checkout IKE_SA by message
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[MGR] IKE_SA (unnamed)[65] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[NET] received packet: from 10.0.0.13[63156] to 10.0.0.17[500] (292 bytes)
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb70
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 05 91 8E 11 01 F4 ......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc0020b0
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb70
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 05 91 8E 0D F6 B4 ......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc002080
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 8D 42 AF 0B 6E 5B 77 B3 34 58 6B 05 E6 9C EC 2D .B..n[w.4Xk....-
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 4F B1 96 2D O..-
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] precalculated src_hash => 20 bytes @ 0x7f02dc002080
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 8D 42 AF 0B 6E 5B 77 B3 34 58 6B 05 E6 9C EC 2D .B..n[w.4Xk....-
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 4F B1 96 2D O..-
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] precalculated dst_hash => 20 bytes @ 0x7f02dc0020b0
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] received dst_hash => 20 bytes @ 0x7f02dc001f30
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] received src_hash => 20 bytes @ 0x7f02dc002020
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 8E 9A 7B 4F 48 85 AC 1C C3 27 7A A7 34 CA 2E 3E ..{OH....'z.4..>
Mar 11 07:26:54 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:54 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:26:54 srvl047 charon: 31[MGR] checkout IKE_SA by message
Mar 11 07:26:54 srvl047 charon: 31[MGR] IKE_SA (unnamed)[65] successfully checked out
Mar 11 07:26:54 srvl047 charon: 31[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (2220 bytes)
Mar 11 07:26:54 srvl047 charon: 31[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ ]
Mar 11 07:26:54 srvl047 charon: 31[IKE] ignoring certificate request without data
Mar 11 07:26:54 srvl047 charon: 31[IKE] received end entity cert "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com"
Mar 11 07:26:54 srvl047 charon: 31[CFG] looking for XAuthInitRSA peer configs matching 10.0.0.17...10.0.0.13[C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com]
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 charon: 31[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 charon: 31[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 charon: 31[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 31[CFG] candidate "CiscoIPSec", match: 1/1/1052 (me/other/ike)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 charon: 31[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 31[CFG] candidate "CiscoIPSec-pam", match: 1/1/1052 (me/other/ike)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 charon: 31[CFG] peer config match remote: 0 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 charon: 31[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 charon: 31[CFG] selected peer config "CiscoIPSec"
Mar 11 07:26:54 srvl047 charon: 31[IKE] HASH_I data => 843 bytes @ 0x7f02b0002180
Mar 11 07:26:54 srvl047 charon: 31[IKE] 0: E1 13 86 4E 0C 81 F1 28 1C 62 A3 5B 74 ED 7C F8 ...N...(.b.[t.|.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 16: 74 1B D3 56 80 0C 9E AE 82 91 9F 3E 14 EB 67 14 t..V.......>..g.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 32: 25 D9 1E 1E 4C 4A 75 36 A6 A3 BE A0 FE 35 8A A9 %...LJu6.....5..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 48: C6 44 74 1F 1B DC 58 90 F1 B4 9B 82 A6 AC 6C 9D .Dt...X.......l.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 64: 27 CB FF 59 79 D8 D3 EA D6 A6 5F 92 FB FF CD 59 '..Yy....._....Y
Mar 11 07:26:54 srvl047 charon: 31[IKE] 80: 82 97 49 3D 9F 95 90 57 57 5D 1F 8C 18 07 A3 BE ..I=...WW]......
Mar 11 07:26:54 srvl047 charon: 31[IKE] 96: E4 B2 B5 A9 E9 50 20 99 8C 59 4D 4D 70 E2 FC AA .....P ..YMMp...
Mar 11 07:26:54 srvl047 charon: 31[IKE] 112: CB ED 2D 61 07 17 98 6A 61 4E 24 1E C1 B3 55 52 ..-a...jaN$...UR
Mar 11 07:26:54 srvl047 charon: 31[IKE] 128: 9D 74 1F 3E 7F 4E 50 4C 73 CF 45 FF 79 5E E4 6C .t.>.NPLs.E.y^.l
Mar 11 07:26:54 srvl047 charon: 31[IKE] 144: 7B E3 FA E0 B0 CD 39 36 32 04 AC 0B 3D 20 15 02 {.....962...= ..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 160: 57 3F 09 E7 76 52 AA D4 1B 51 D2 E0 A4 B9 64 76 W?..vR...Q....dv
Mar 11 07:26:54 srvl047 charon: 31[IKE] 176: C8 50 D2 7E 86 3C F6 D3 AA F9 D7 D3 9F BC D3 82 .P.~.<..........
Mar 11 07:26:54 srvl047 charon: 31[IKE] 192: B9 7C 6A 28 BB EB 95 EB 0E 45 E6 4F D7 E9 3A 9E .|j(.....E.O..:.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 208: 82 BB CC AD 2C E6 67 79 82 A7 52 AF D2 B1 27 03 ....,.gy..R...'.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 224: 0F 7C 95 B2 7E A8 A7 16 08 78 C5 B3 D5 2C F7 09 .|..~....x...,..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 240: E5 2C 58 B4 2A D5 94 2B B8 48 A6 97 2A 39 F4 AB .,X.*..+.H..*9..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 256: 5B DE 0C 18 DA EB 1C A4 C9 80 5B 45 8E AB B2 2F [.........[E.../
Mar 11 07:26:54 srvl047 charon: 31[IKE] 272: 73 D8 EE AA 98 05 E3 8D A5 A2 91 6F A1 F0 36 0B s..........o..6.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 288: D2 6D 11 C7 CB BD 43 47 F5 39 0C FC E7 4B 22 2D .m....CG.9...K"-
Mar 11 07:26:54 srvl047 charon: 31[IKE] 304: 26 03 EB 62 96 0F 89 65 25 ED C5 FC 66 7B 0D 60 &..b...e%...f{.`
Mar 11 07:26:54 srvl047 charon: 31[IKE] 320: EA 34 03 26 1C 28 EA 5B C5 AC 70 59 1A 4D 73 63 .4.&.(.[..pY.Msc
Mar 11 07:26:54 srvl047 charon: 31[IKE] 336: 88 03 D0 6A 08 14 42 A7 F2 ED 8E EB AD 36 56 5A ...j..B......6VZ
Mar 11 07:26:54 srvl047 charon: 31[IKE] 352: 4A 53 5F F2 E0 59 4F 6D BA 60 18 DE 9C BC BA D0 JS_..YOm.`......
Mar 11 07:26:54 srvl047 charon: 31[IKE] 368: D5 F9 0A D3 21 33 36 3A A3 27 60 2E 3E C5 44 C2 ....!36:.'`.>.D.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 384: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 charon: 31[IKE] 400: 00 00 00 01 00 00 00 01 00 00 01 60 01 01 00 0A ...........`....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 416: 03 00 00 24 01 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:54 srvl047 charon: 31[IKE] 432: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 02 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 448: 80 04 00 05 03 00 00 24 02 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:54 srvl047 charon: 31[IKE] 464: 80 0C 0E 10 80 01 00 07 80 0E 01 00 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 480: 80 02 00 02 80 04 00 02 03 00 00 24 03 01 00 00 ...........$....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 496: 80 0B 00 01 80 0C 0E 10 80 01 00 07 80 0E 00 80 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 512: 80 03 FD ED 80 02 00 02 80 04 00 02 03 00 00 24 ...............$
Mar 11 07:26:54 srvl047 charon: 31[IKE] 528: 04 01 00 00 80 0B 00 01 80 0C 0E 10 80 01 00 07 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 544: 80 0E 01 00 80 03 FD ED 80 02 00 01 80 04 00 05 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 560: 03 00 00 24 05 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:54 srvl047 charon: 31[IKE] 576: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 01 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 592: 80 04 00 02 03 00 00 24 06 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:54 srvl047 charon: 31[IKE] 608: 80 0C 0E 10 80 01 00 07 80 0E 00 80 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 624: 80 02 00 01 80 04 00 02 03 00 00 20 07 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 640: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 656: 80 02 00 02 80 04 00 02 03 00 00 20 08 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 672: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 688: 80 02 00 01 80 04 00 02 03 00 00 20 09 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 704: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 720: 80 02 00 02 80 04 00 02 00 00 00 20 0A 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 736: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 752: 80 02 00 01 80 04 00 02 09 00 00 00 30 4D 31 0B ............0M1.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 768: 30 09 06 03 55 04 06 13 02 44 45 31 12 30 10 06 0...U....DE1.0..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 784: 03 55 04 0A 13 09 61 69 78 69 67 6F 20 41 47 31 .U....example AG1
Mar 11 07:26:54 srvl047 charon: 31[IKE] 800: 0B 30 09 06 03 55 04 0B 13 02 54 49 31 1D 30 1B .0...U....TI1.0.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 816: 06 03 55 04 03 13 14 70 70 63 6D 30 31 38 2E 77 ..U....ppcm018.w
Mar 11 07:26:54 srvl047 charon: 31[IKE] 832: 73 2E 61 69 78 69 67 6F 2E 64 65 s.example.com
Mar 11 07:26:54 srvl047 charon: 31[IKE] HASH_I => 20 bytes @ 0x7f02b0002140
Mar 11 07:26:54 srvl047 charon: 31[IKE] 0: 02 EB 33 11 16 E1 7A 7D 2E D5 91 12 32 46 BC D8 ..3...z}....2F..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 16: B4 67 4C 1E .gL.
Mar 11 07:26:54 srvl047 charon: 31[CFG] using certificate "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com"
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com" key: 2048 bit RSA
Mar 11 07:26:54 srvl047 charon: 31[CFG] using trusted intermediate ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] checking certificate status of "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com"
Mar 11 07:26:54 srvl047 charon: 31[CFG] ocsp check skipped, no ocsp found
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA" key: 4096 bit RSA
Mar 11 07:26:54 srvl047 charon: 31[CFG] using trusted ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA" key: 4096 bit RSA
Mar 11 07:26:54 srvl047 charon: 31[CFG] reached self-signed root ca with a path length of 0
Mar 11 07:26:54 srvl047 charon: 31[CFG] using trusted certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] crl correctly signed by "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] crl is valid: until Mar 15 08:42:47 2016
Mar 11 07:26:54 srvl047 charon: 31[CFG] using cached crl
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA" key: 4096 bit RSA
Mar 11 07:26:54 srvl047 charon: 31[CFG] using trusted ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA" key: 4096 bit RSA
Mar 11 07:26:54 srvl047 charon: 31[CFG] reached self-signed root ca with a path length of 0
Mar 11 07:26:54 srvl047 charon: 31[CFG] using trusted certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] crl correctly signed by "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] crl is valid: until Mar 11 08:42:47 2016
Mar 11 07:26:54 srvl047 charon: 31[CFG] using cached crl
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate status is good
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA" key: 4096 bit RSA
Mar 11 07:26:54 srvl047 charon: 31[CFG] using trusted ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] checking certificate status of "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] ocsp check skipped, no ocsp found
Mar 11 07:26:54 srvl047 charon: 31[CFG] using trusted certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] crl correctly signed by "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:54 srvl047 charon: 31[CFG] crl is valid: until Dec 20 11:33:09 2045
Mar 11 07:26:54 srvl047 charon: 31[CFG] using cached crl
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate status is good
Mar 11 07:26:54 srvl047 charon: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA" key: 4096 bit RSA
Mar 11 07:26:54 srvl047 charon: 31[CFG] reached self-signed root ca with a path length of 1
Mar 11 07:26:54 srvl047 charon: 31[IKE] authentication of 'C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com' with RSA successful
Mar 11 07:26:54 srvl047 charon: 31[IKE] HASH_R data => 783 bytes @ 0x7f02b0002b10
Mar 11 07:26:54 srvl047 charon: 31[IKE] 0: B9 7C 6A 28 BB EB 95 EB 0E 45 E6 4F D7 E9 3A 9E .|j(.....E.O..:.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 16: 82 BB CC AD 2C E6 67 79 82 A7 52 AF D2 B1 27 03 ....,.gy..R...'.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 32: 0F 7C 95 B2 7E A8 A7 16 08 78 C5 B3 D5 2C F7 09 .|..~....x...,..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 48: E5 2C 58 B4 2A D5 94 2B B8 48 A6 97 2A 39 F4 AB .,X.*..+.H..*9..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 64: 5B DE 0C 18 DA EB 1C A4 C9 80 5B 45 8E AB B2 2F [.........[E.../
Mar 11 07:26:54 srvl047 charon: 31[IKE] 80: 73 D8 EE AA 98 05 E3 8D A5 A2 91 6F A1 F0 36 0B s..........o..6.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 96: D2 6D 11 C7 CB BD 43 47 F5 39 0C FC E7 4B 22 2D .m....CG.9...K"-
Mar 11 07:26:54 srvl047 charon: 31[IKE] 112: 26 03 EB 62 96 0F 89 65 25 ED C5 FC 66 7B 0D 60 &..b...e%...f{.`
Mar 11 07:26:54 srvl047 charon: 31[IKE] 128: EA 34 03 26 1C 28 EA 5B C5 AC 70 59 1A 4D 73 63 .4.&.(.[..pY.Msc
Mar 11 07:26:54 srvl047 charon: 31[IKE] 144: 88 03 D0 6A 08 14 42 A7 F2 ED 8E EB AD 36 56 5A ...j..B......6VZ
Mar 11 07:26:54 srvl047 charon: 31[IKE] 160: 4A 53 5F F2 E0 59 4F 6D BA 60 18 DE 9C BC BA D0 JS_..YOm.`......
Mar 11 07:26:54 srvl047 charon: 31[IKE] 176: D5 F9 0A D3 21 33 36 3A A3 27 60 2E 3E C5 44 C2 ....!36:.'`.>.D.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 192: E1 13 86 4E 0C 81 F1 28 1C 62 A3 5B 74 ED 7C F8 ...N...(.b.[t.|.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 208: 74 1B D3 56 80 0C 9E AE 82 91 9F 3E 14 EB 67 14 t..V.......>..g.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 224: 25 D9 1E 1E 4C 4A 75 36 A6 A3 BE A0 FE 35 8A A9 %...LJu6.....5..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 240: C6 44 74 1F 1B DC 58 90 F1 B4 9B 82 A6 AC 6C 9D .Dt...X.......l.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 256: 27 CB FF 59 79 D8 D3 EA D6 A6 5F 92 FB FF CD 59 '..Yy....._....Y
Mar 11 07:26:54 srvl047 charon: 31[IKE] 272: 82 97 49 3D 9F 95 90 57 57 5D 1F 8C 18 07 A3 BE ..I=...WW]......
Mar 11 07:26:54 srvl047 charon: 31[IKE] 288: E4 B2 B5 A9 E9 50 20 99 8C 59 4D 4D 70 E2 FC AA .....P ..YMMp...
Mar 11 07:26:54 srvl047 charon: 31[IKE] 304: CB ED 2D 61 07 17 98 6A 61 4E 24 1E C1 B3 55 52 ..-a...jaN$...UR
Mar 11 07:26:54 srvl047 charon: 31[IKE] 320: 9D 74 1F 3E 7F 4E 50 4C 73 CF 45 FF 79 5E E4 6C .t.>.NPLs.E.y^.l
Mar 11 07:26:54 srvl047 charon: 31[IKE] 336: 7B E3 FA E0 B0 CD 39 36 32 04 AC 0B 3D 20 15 02 {.....962...= ..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 352: 57 3F 09 E7 76 52 AA D4 1B 51 D2 E0 A4 B9 64 76 W?..vR...Q....dv
Mar 11 07:26:54 srvl047 charon: 31[IKE] 368: C8 50 D2 7E 86 3C F6 D3 AA F9 D7 D3 9F BC D3 82 .P.~.<..........
Mar 11 07:26:54 srvl047 charon: 31[IKE] 384: 9F C5 44 A7 3A D5 22 AA 0C 87 40 47 A7 29 03 0F ..D.:."... at G.)..
Mar 11 07:26:54 srvl047 charon: 31[IKE] 400: 00 00 00 01 00 00 00 01 00 00 01 60 01 01 00 0A ...........`....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 416: 03 00 00 24 01 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:54 srvl047 charon: 31[IKE] 432: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 02 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 448: 80 04 00 05 03 00 00 24 02 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:54 srvl047 charon: 31[IKE] 464: 80 0C 0E 10 80 01 00 07 80 0E 01 00 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 480: 80 02 00 02 80 04 00 02 03 00 00 24 03 01 00 00 ...........$....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 496: 80 0B 00 01 80 0C 0E 10 80 01 00 07 80 0E 00 80 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 512: 80 03 FD ED 80 02 00 02 80 04 00 02 03 00 00 24 ...............$
Mar 11 07:26:54 srvl047 charon: 31[IKE] 528: 04 01 00 00 80 0B 00 01 80 0C 0E 10 80 01 00 07 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 544: 80 0E 01 00 80 03 FD ED 80 02 00 01 80 04 00 05 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 560: 03 00 00 24 05 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:54 srvl047 charon: 31[IKE] 576: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 01 ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 592: 80 04 00 02 03 00 00 24 06 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:54 srvl047 charon: 31[IKE] 608: 80 0C 0E 10 80 01 00 07 80 0E 00 80 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 624: 80 02 00 01 80 04 00 02 03 00 00 20 07 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 640: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 656: 80 02 00 02 80 04 00 02 03 00 00 20 08 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 672: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 688: 80 02 00 01 80 04 00 02 03 00 00 20 09 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 704: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 720: 80 02 00 02 80 04 00 02 00 00 00 20 0A 01 00 00 ........... ....
Mar 11 07:26:54 srvl047 charon: 31[IKE] 736: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:54 srvl047 charon: 31[IKE] 752: 80 02 00 01 80 04 00 02 02 00 00 00 73 74 61 72 ............star
Mar 11 07:26:54 srvl047 charon: 31[IKE] 768: 67 61 74 65 2E 61 69 78 69 67 6F 2E 63 6F 6D gate.example.com
Mar 11 07:26:54 srvl047 charon: 31[IKE] HASH_R => 20 bytes @ 0x7f02b0001b00
Mar 11 07:26:54 srvl047 charon: 31[IKE] 0: DD DC 88 22 22 13 E2 A0 63 30 FC B8 1A A3 74 F0 ...""...c0....t.
Mar 11 07:26:54 srvl047 charon: 31[IKE] 16: CB 4C 27 9F .L'.
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 8D 72 B9 9D .r..
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] remote host is behind NAT
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] sending cert request for "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] sending cert request for "C=DE, ST=NRW, L=Aachen, O=example AG, OU=TI, CN=IPsec_ca, E=security at example.com"
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] sending cert request for "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb90
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 05 91 8E 0D F6 B4 ......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc001020
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 8D 42 AF 0B 6E 5B 77 B3 34 58 6B 05 E6 9C EC 2D .B..n[w.4Xk....-
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 4F B1 96 2D O..-
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_chunk => 22 bytes @ 0x7f032b56bb90
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: 05 91 8E 11 01 F4 ......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] natd_hash => 20 bytes @ 0x7f02dc003190
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 0: 2C C0 6E C8 43 91 35 32 0F 36 90 D9 F9 C6 AF B7 ,.n.C.52.6......
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[IKE] 16: FD 9A 86 2A ...*
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[ENC] generating ID_PROT response 0 [ KE No CERTREQ CERTREQ CERTREQ NAT-D NAT-D ]
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156] (653 bytes)
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[MGR] checkin IKE_SA (unnamed)[65]
Mar 11 07:26:54 srvl047 ipsec[11514]: 03[NET] sending packet: from 10.0.0.17[500] to 10.0.0.13[63156]
Mar 11 07:26:54 srvl047 ipsec[11514]: 15[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:54 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[MGR] checkout IKE_SA by message
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[MGR] IKE_SA (unnamed)[65] successfully checked out
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (2220 bytes)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ ]
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] ignoring certificate request without data
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] received end entity cert "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com"
Mar 11 07:26:54 srvl047 charon: 31[IKE] authentication of 'gate1.example.com' (myself) successful
Mar 11 07:26:54 srvl047 charon: 31[IKE] queueing XAUTH task
Mar 11 07:26:54 srvl047 charon: 31[IKE] sending end entity cert "C=DE, ST=NRW, L=Aachen, O=example AG, CN=gate1.example.com/emailAddress=security at example.com"
Mar 11 07:26:54 srvl047 charon: 31[IKE] sending issuer cert "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:54 srvl047 charon: 31[ENC] generating ID_PROT response 0 [ ID CERT CERT SIG ]
Mar 11 07:26:54 srvl047 charon: 31[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (3708 bytes)
Mar 11 07:26:54 srvl047 charon: 31[IKE] activating new tasks
Mar 11 07:26:54 srvl047 charon: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:26:54 srvl047 charon: 31[IKE] activating XAUTH task
Mar 11 07:26:54 srvl047 charon: 31[IKE] Hash => 20 bytes @ 0x7f02b0001880
Mar 11 07:26:54 srvl047 charon: 31[IKE] 0: AB 86 B7 D1 CF 49 A0 E1 F9 1C D4 9F 94 2D C3 5D .....I.......-.]
Mar 11 07:26:54 srvl047 charon: 31[IKE] 16: 84 9C 36 94 ..6.
Mar 11 07:26:54 srvl047 charon: 31[ENC] generating TRANSACTION request 3253509257 [ HASH CPRQ(X_USER X_PWD) ]
Mar 11 07:26:54 srvl047 charon: 31[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (76 bytes)
Mar 11 07:26:54 srvl047 charon: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:26:54 srvl047 charon: 31[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:54 srvl047 charon: 31[MGR] check-in of IKE_SA successful.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] looking for XAuthInitRSA peer configs matching 10.0.0.17...10.0.0.13[C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com]
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] candidate "CiscoIPSec", match: 1/1/1052 (me/other/ike)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match remote: 1 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] ike config match: 1052 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] candidate "CiscoIPSec-pam", match: 1/1/1052 (me/other/ike)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match local: 1 (ID_ANY)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] peer config match remote: 0 (ID_DER_ASN1_DN -> 30:4d:31:0b:30:09:06:03:55:04:06:13:02:44:45:31:12:30:10:06:03:55:04:0a:13:09:61:69:78:69:67:6f:20:41:47:31:0b:30:09:06:03:55:04:0b:13:02:54:49:31:1d:30:1b:06:03:55:04:03:13:14:70:70:63:6d:30:31:38:2e:77:73:2e:61:69:78:69:67:6f:2e:64:65)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] ike config match: 0 (10.0.0.17 10.0.0.13 IKEv1)
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[CFG] selected peer config "CiscoIPSec"
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] HASH_I data => 843 bytes @ 0x7f02b0002180
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 0: E1 13 86 4E 0C 81 F1 28 1C 62 A3 5B 74 ED 7C F8 ...N...(.b.[t.|.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 16: 74 1B D3 56 80 0C 9E AE 82 91 9F 3E 14 EB 67 14 t..V.......>..g.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 32: 25 D9 1E 1E 4C 4A 75 36 A6 A3 BE A0 FE 35 8A A9 %...LJu6.....5..
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 48: C6 44 74 1F 1B DC 58 90 F1 B4 9B 82 A6 AC 6C 9D .Dt...X.......l.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 64: 27 CB FF 59 79 D8 D3 EA D6 A6 5F 92 FB FF CD 59 '..Yy....._....Y
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 80: 82 97 49 3D 9F 95 90 57 57 5D 1F 8C 18 07 A3 BE ..I=...WW]......
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 96: E4 B2 B5 A9 E9 50 20 99 8C 59 4D 4D 70 E2 FC AA .....P ..YMMp...
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 112: CB ED 2D 61 07 17 98 6A 61 4E 24 1E C1 B3 55 52 ..-a...jaN$...UR
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 128: 9D 74 1F 3E 7F 4E 50 4C 73 CF 45 FF 79 5E E4 6C .t.>.NPLs.E.y^.l
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 144: 7B E3 FA E0 B0 CD 39 36 32 04 AC 0B 3D 20 15 02 {.....962...= ..
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 160: 57 3F 09 E7 76 52 AA D4 1B 51 D2 E0 A4 B9 64 76 W?..vR...Q....dv
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 176: C8 50 D2 7E 86 3C F6 D3 AA F9 D7 D3 9F BC D3 82 .P.~.<..........
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 192: B9 7C 6A 28 BB EB 95 EB 0E 45 E6 4F D7 E9 3A 9E .|j(.....E.O..:.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 208: 82 BB CC AD 2C E6 67 79 82 A7 52 AF D2 B1 27 03 ....,.gy..R...'.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 224: 0F 7C 95 B2 7E A8 A7 16 08 78 C5 B3 D5 2C F7 09 .|..~....x...,..
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 240: E5 2C 58 B4 2A D5 94 2B B8 48 A6 97 2A 39 F4 AB .,X.*..+.H..*9..
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 256: 5B DE 0C 18 DA EB 1C A4 C9 80 5B 45 8E AB B2 2F [.........[E.../
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 272: 73 D8 EE AA 98 05 E3 8D A5 A2 91 6F A1 F0 36 0B s..........o..6.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 288: D2 6D 11 C7 CB BD 43 47 F5 39 0C FC E7 4B 22 2D .m....CG.9...K"-
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 304: 26 03 EB 62 96 0F 89 65 25 ED C5 FC 66 7B 0D 60 &..b...e%...f{.`
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 320: EA 34 03 26 1C 28 EA 5B C5 AC 70 59 1A 4D 73 63 .4.&.(.[..pY.Msc
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 336: 88 03 D0 6A 08 14 42 A7 F2 ED 8E EB AD 36 56 5A ...j..B......6VZ
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 352: 4A 53 5F F2 E0 59 4F 6D BA 60 18 DE 9C BC BA D0 JS_..YOm.`......
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 368: D5 F9 0A D3 21 33 36 3A A3 27 60 2E 3E C5 44 C2 ....!36:.'`.>.D.
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 384: 0C 87 40 47 A7 29 03 0F 9F C5 44 A7 3A D5 22 AA .. at G.)....D.:.".
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 400: 00 00 00 01 00 00 00 01 00 00 01 60 01 01 00 0A ...........`....
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 416: 03 00 00 24 01 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 432: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 02 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 448: 80 04 00 05 03 00 00 24 02 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 464: 80 0C 0E 10 80 01 00 07 80 0E 01 00 80 03 FD ED ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 480: 80 02 00 02 80 04 00 02 03 00 00 24 03 01 00 00 ...........$....
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 496: 80 0B 00 01 80 0C 0E 10 80 01 00 07 80 0E 00 80 ................
Mar 11 07:26:54 srvl047 ipsec[11514]: 31[IKE] 512: 80 03 FD ED 80 02 00 02 80 04 00 02 03 00 00 24 ...............$
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 528: 04 01 00 00 80 0B 00 01 80 0C 0E 10 80 01 00 07 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 544: 80 0E 01 00 80 03 FD ED 80 02 00 01 80 04 00 05 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 560: 03 00 00 24 05 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 576: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 01 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 592: 80 04 00 02 03 00 00 24 06 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 608: 80 0C 0E 10 80 01 00 07 80 0E 00 80 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 624: 80 02 00 01 80 04 00 02 03 00 00 20 07 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 640: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 656: 80 02 00 02 80 04 00 02 03 00 00 20 08 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 672: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 688: 80 02 00 01 80 04 00 02 03 00 00 20 09 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 704: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 720: 80 02 00 02 80 04 00 02 00 00 00 20 0A 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 736: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 752: 80 02 00 01 80 04 00 02 09 00 00 00 30 4D 31 0B ............0M1.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 768: 30 09 06 03 55 04 06 13 02 44 45 31 12 30 10 06 0...U....DE1.0..
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 784: 03 55 04 0A 13 09 61 69 78 69 67 6F 20 41 47 31 .U....example AG1
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 800: 0B 30 09 06 03 55 04 0B 13 02 54 49 31 1D 30 1B .0...U....TI1.0.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 816: 06 03 55 04 03 13 14 70 70 63 6D 30 31 38 2E 77 ..U....ppcm018.w
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 832: 73 2E 61 69 78 69 67 6F 2E 64 65 s.example.com
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] HASH_I => 20 bytes @ 0x7f02b0002140
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 0: 02 EB 33 11 16 E1 7A 7D 2E D5 91 12 32 46 BC D8 ..3...z}....2F..
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 16: B4 67 4C 1E .gL.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using certificate "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com" key: 2048 bit RSA
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using trusted intermediate ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] checking certificate status of "C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] ocsp check skipped, no ocsp found
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA" key: 4096 bit RSA
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using trusted ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA" key: 4096 bit RSA
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] reached self-signed root ca with a path length of 0
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using trusted certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] crl correctly signed by "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] crl is valid: until Mar 15 08:42:47 2016
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using cached crl
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA" key: 4096 bit RSA
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using trusted ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA" key: 4096 bit RSA
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] reached self-signed root ca with a path length of 0
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using trusted certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] crl correctly signed by "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] crl is valid: until Mar 11 08:42:47 2016
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using cached crl
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate status is good
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA" key: 4096 bit RSA
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using trusted ca certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] checking certificate status of "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] ocsp check skipped, no ocsp found
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using trusted certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] crl correctly signed by "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] crl is valid: until Dec 20 11:33:09 2045
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] using cached crl
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate status is good
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] certificate "C=DE, O=example AG, OU=example Certificate Authority, CN=example Root CA" key: 4096 bit RSA
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[CFG] reached self-signed root ca with a path length of 1
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] authentication of 'C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com' with RSA successful
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] HASH_R data => 783 bytes @ 0x7f02b0002b10
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 0: B9 7C 6A 28 BB EB 95 EB 0E 45 E6 4F D7 E9 3A 9E .|j(.....E.O..:.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 16: 82 BB CC AD 2C E6 67 79 82 A7 52 AF D2 B1 27 03 ....,.gy..R...'.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 32: 0F 7C 95 B2 7E A8 A7 16 08 78 C5 B3 D5 2C F7 09 .|..~....x...,..
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 48: E5 2C 58 B4 2A D5 94 2B B8 48 A6 97 2A 39 F4 AB .,X.*..+.H..*9..
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 64: 5B DE 0C 18 DA EB 1C A4 C9 80 5B 45 8E AB B2 2F [.........[E.../
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 80: 73 D8 EE AA 98 05 E3 8D A5 A2 91 6F A1 F0 36 0B s..........o..6.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 96: D2 6D 11 C7 CB BD 43 47 F5 39 0C FC E7 4B 22 2D .m....CG.9...K"-
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 112: 26 03 EB 62 96 0F 89 65 25 ED C5 FC 66 7B 0D 60 &..b...e%...f{.`
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 128: EA 34 03 26 1C 28 EA 5B C5 AC 70 59 1A 4D 73 63 .4.&.(.[..pY.Msc
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 144: 88 03 D0 6A 08 14 42 A7 F2 ED 8E EB AD 36 56 5A ...j..B......6VZ
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 160: 4A 53 5F F2 E0 59 4F 6D BA 60 18 DE 9C BC BA D0 JS_..YOm.`......
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 176: D5 F9 0A D3 21 33 36 3A A3 27 60 2E 3E C5 44 C2 ....!36:.'`.>.D.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 192: E1 13 86 4E 0C 81 F1 28 1C 62 A3 5B 74 ED 7C F8 ...N...(.b.[t.|.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 208: 74 1B D3 56 80 0C 9E AE 82 91 9F 3E 14 EB 67 14 t..V.......>..g.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 224: 25 D9 1E 1E 4C 4A 75 36 A6 A3 BE A0 FE 35 8A A9 %...LJu6.....5..
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 240: C6 44 74 1F 1B DC 58 90 F1 B4 9B 82 A6 AC 6C 9D .Dt...X.......l.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 256: 27 CB FF 59 79 D8 D3 EA D6 A6 5F 92 FB FF CD 59 '..Yy....._....Y
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 272: 82 97 49 3D 9F 95 90 57 57 5D 1F 8C 18 07 A3 BE ..I=...WW]......
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 288: E4 B2 B5 A9 E9 50 20 99 8C 59 4D 4D 70 E2 FC AA .....P ..YMMp...
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 304: CB ED 2D 61 07 17 98 6A 61 4E 24 1E C1 B3 55 52 ..-a...jaN$...UR
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 320: 9D 74 1F 3E 7F 4E 50 4C 73 CF 45 FF 79 5E E4 6C .t.>.NPLs.E.y^.l
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 336: 7B E3 FA E0 B0 CD 39 36 32 04 AC 0B 3D 20 15 02 {.....962...= ..
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 352: 57 3F 09 E7 76 52 AA D4 1B 51 D2 E0 A4 B9 64 76 W?..vR...Q....dv
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 368: C8 50 D2 7E 86 3C F6 D3 AA F9 D7 D3 9F BC D3 82 .P.~.<..........
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 384: 9F C5 44 A7 3A D5 22 AA 0C 87 40 47 A7 29 03 0F ..D.:."... at G.)..
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 400: 00 00 00 01 00 00 00 01 00 00 01 60 01 01 00 0A ...........`....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 416: 03 00 00 24 01 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 432: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 02 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 448: 80 04 00 05 03 00 00 24 02 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 464: 80 0C 0E 10 80 01 00 07 80 0E 01 00 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 480: 80 02 00 02 80 04 00 02 03 00 00 24 03 01 00 00 ...........$....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 496: 80 0B 00 01 80 0C 0E 10 80 01 00 07 80 0E 00 80 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 512: 80 03 FD ED 80 02 00 02 80 04 00 02 03 00 00 24 ...............$
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 528: 04 01 00 00 80 0B 00 01 80 0C 0E 10 80 01 00 07 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 544: 80 0E 01 00 80 03 FD ED 80 02 00 01 80 04 00 05 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 560: 03 00 00 24 05 01 00 00 80 0B 00 01 80 0C 0E 10 ...$............
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 576: 80 01 00 07 80 0E 01 00 80 03 FD ED 80 02 00 01 ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 592: 80 04 00 02 03 00 00 24 06 01 00 00 80 0B 00 01 .......$........
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 608: 80 0C 0E 10 80 01 00 07 80 0E 00 80 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 624: 80 02 00 01 80 04 00 02 03 00 00 20 07 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 640: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 656: 80 02 00 02 80 04 00 02 03 00 00 20 08 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 672: 80 0B 00 01 80 0C 0E 10 80 01 00 05 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 688: 80 02 00 01 80 04 00 02 03 00 00 20 09 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 704: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 720: 80 02 00 02 80 04 00 02 00 00 00 20 0A 01 00 00 ........... ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 736: 80 0B 00 01 80 0C 0E 10 80 01 00 01 80 03 FD ED ................
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 752: 80 02 00 01 80 04 00 02 02 00 00 00 73 74 61 72 ............star
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 768: 67 61 74 65 2E 61 69 78 69 67 6F 2E 63 6F 6D gate.example.com
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] HASH_R => 20 bytes @ 0x7f02b0001b00
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 0: DD DC 88 22 22 13 E2 A0 63 30 FC B8 1A A3 74 F0 ...""...c0....t.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 16: CB 4C 27 9F .L'.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] authentication of 'gate1.example.com' (myself) successful
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] queueing XAUTH task
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] sending end entity cert "C=DE, ST=NRW, L=Aachen, O=example AG, CN=gate1.example.com/emailAddress=security at example.com"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] sending issuer cert "C=DE, O=example AG, OU=example Certificate Authority, CN=ws-example-CA"
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[ENC] generating ID_PROT response 0 [ ID CERT CERT SIG ]
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (3708 bytes)
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] activating new tasks
Mar 11 07:26:55 srvl047 ipsec[11514]: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] activating XAUTH task
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] Hash => 20 bytes @ 0x7f02b0001880
Mar 11 07:26:55 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:55 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:26:55 srvl047 charon: 11[MGR] checkout IKE_SA by message
Mar 11 07:26:55 srvl047 charon: 11[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 charon: 11[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (92 bytes)
Mar 11 07:26:55 srvl047 charon: 11[ENC] parsed TRANSACTION response 3253509257 [ HASH CPRP(X_USER X_PWD) ]
Mar 11 07:26:55 srvl047 charon: 11[IKE] Hash => 20 bytes @ 0x7f02f0002160
Mar 11 07:26:55 srvl047 charon: 11[IKE] 0: 99 5B 74 02 73 5A A4 45 6D 00 50 34 12 0F 80 88 .[t.sZ.Em.P4....
Mar 11 07:26:55 srvl047 charon: 11[IKE] 16: 1A 15 65 C5 ..e.
Mar 11 07:26:55 srvl047 charon: 11[IKE] XAuth authentication of 'ppcm018' successful
Mar 11 07:26:55 srvl047 charon: 11[IKE] reinitiating already active tasks
Mar 11 07:26:55 srvl047 charon: 11[IKE] XAUTH task
Mar 11 07:26:55 srvl047 charon: 11[IKE] Hash => 20 bytes @ 0x7f02f0000940
Mar 11 07:26:55 srvl047 charon: 11[IKE] 0: 22 31 8B 54 C7 E4 3F 51 C3 02 54 D5 5E 8E 86 09 "1.T..?Q..T.^...
Mar 11 07:26:55 srvl047 charon: 11[IKE] 16: D9 F1 F3 81 ....
Mar 11 07:26:55 srvl047 charon: 11[ENC] generating TRANSACTION request 96377586 [ HASH CPS(X_STATUS) ]
Mar 11 07:26:55 srvl047 charon: 11[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (76 bytes)
Mar 11 07:26:55 srvl047 charon: 11[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 charon: 11[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 charon: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:26:55 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:55 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:26:55 srvl047 charon: 13[MGR] checkout IKE_SA by message
Mar 11 07:26:55 srvl047 charon: 13[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 charon: 13[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (76 bytes)
Mar 11 07:26:55 srvl047 charon: 13[ENC] parsed TRANSACTION response 96377586 [ HASH CPA(X_STATUS) ]
Mar 11 07:26:55 srvl047 charon: 13[IKE] Hash => 20 bytes @ 0x7f02e8000db0
Mar 11 07:26:55 srvl047 charon: 13[IKE] 0: D6 04 06 51 77 2F 20 F2 B7 E5 E3 B4 09 C8 2A 15 ...Qw/ .......*.
Mar 11 07:26:55 srvl047 charon: 13[IKE] 16: 90 7A 15 C5 .z..
Mar 11 07:26:55 srvl047 charon: 13[IKE] IKE_SA CiscoIPSec[65] established between 10.0.0.17[gate1.example.com]...10.0.0.13[C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com]
Mar 11 07:26:55 srvl047 charon: 13[IKE] IKE_SA CiscoIPSec[65] state change: CONNECTING => ESTABLISHED
Mar 11 07:26:55 srvl047 charon: 13[IKE] scheduling reauthentication in 9754s
Mar 11 07:26:55 srvl047 charon: 13[IKE] maximum IKE_SA lifetime 10294s
Mar 11 07:26:55 srvl047 charon: 13[IKE] activating new tasks
Mar 11 07:26:55 srvl047 charon: 13[IKE] nothing to initiate
Mar 11 07:26:55 srvl047 charon: 13[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 charon: 13[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 charon: 07[MGR] checkout IKE_SA
Mar 11 07:26:55 srvl047 charon: 07[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 charon: 07[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 charon: 07[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:55 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:26:55 srvl047 charon: 06[MGR] checkout IKE_SA by message
Mar 11 07:26:55 srvl047 charon: 06[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 charon: 06[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:26:55 srvl047 charon: 06[ENC] parsed QUICK_MODE request 4271440881 [ HASH SA No ID ID ]
Mar 11 07:26:55 srvl047 charon: 06[IKE] Hash(1) => 20 bytes @ 0x7f0308001320
Mar 11 07:26:55 srvl047 charon: 06[IKE] 0: CB D3 B6 FD C4 69 05 86 31 19 3E 4B 9A 3A 6C 53 .....i..1.>K.:lS
Mar 11 07:26:55 srvl047 charon: 06[IKE] 16: 8D 58 0C 04 .X..
Mar 11 07:26:55 srvl047 charon: 06[CFG] looking for a child config for 172.19.96.0/19 === 172.19.97.68/32
Mar 11 07:26:55 srvl047 charon: 06[CFG] proposing traffic selectors for us:
Mar 11 07:26:55 srvl047 charon: 06[CFG] 172.19.96.0/19
Mar 11 07:26:55 srvl047 charon: 06[CFG] proposing traffic selectors for other:
Mar 11 07:26:55 srvl047 charon: 06[CFG] dynamic
Mar 11 07:26:55 srvl047 charon: 06[IKE] no matching CHILD_SA config found
Mar 11 07:26:55 srvl047 charon: 06[IKE] queueing INFORMATIONAL task
Mar 11 07:26:55 srvl047 charon: 06[IKE] activating new tasks
Mar 11 07:26:55 srvl047 charon: 06[IKE] activating INFORMATIONAL task
Mar 11 07:26:55 srvl047 charon: 06[IKE] Hash => 20 bytes @ 0x7f0308007290
Mar 11 07:26:55 srvl047 charon: 06[IKE] 0: D5 F0 2A 1B 3E 64 C1 34 85 72 40 53 03 80 16 7E ..*.>d.4.r at S...~
Mar 11 07:26:55 srvl047 charon: 06[IKE] 16: 70 AA 8F DE p...
Mar 11 07:26:55 srvl047 charon: 06[ENC] generating INFORMATIONAL_V1 request 3506972368 [ HASH N(INVAL_ID) ]
Mar 11 07:26:55 srvl047 charon: 06[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (76 bytes)
Mar 11 07:26:55 srvl047 charon: 06[IKE] activating new tasks
Mar 11 07:26:55 srvl047 charon: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:26:55 srvl047 charon: 06[IKE] nothing to initiate
Mar 11 07:26:55 srvl047 charon: 06[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 charon: 06[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 0: AB 86 B7 D1 CF 49 A0 E1 F9 1C D4 9F 94 2D C3 5D .....I.......-.]
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[IKE] 16: 84 9C 36 94 ..6.
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[ENC] generating TRANSACTION request 3253509257 [ HASH CPRQ(X_USER X_PWD) ]
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (76 bytes)
Mar 11 07:26:55 srvl047 ipsec[11514]: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 ipsec[11514]: 31[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:55 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[MGR] checkout IKE_SA by message
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (92 bytes)
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[ENC] parsed TRANSACTION response 3253509257 [ HASH CPRP(X_USER X_PWD) ]
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] Hash => 20 bytes @ 0x7f02f0002160
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] 0: 99 5B 74 02 73 5A A4 45 6D 00 50 34 12 0F 80 88 .[t.sZ.Em.P4....
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] 16: 1A 15 65 C5 ..e.
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] XAuth authentication of 'ppcm018' successful
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] reinitiating already active tasks
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] XAUTH task
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] Hash => 20 bytes @ 0x7f02f0000940
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] 0: 22 31 8B 54 C7 E4 3F 51 C3 02 54 D5 5E 8E 86 09 "1.T..?Q..T.^...
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[IKE] 16: D9 F1 F3 81 ....
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[ENC] generating TRANSACTION request 96377586 [ HASH CPS(X_STATUS) ]
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (76 bytes)
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 ipsec[11514]: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:26:55 srvl047 ipsec[11514]: 11[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:55 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[MGR] checkout IKE_SA by message
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (76 bytes)
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[ENC] parsed TRANSACTION response 96377586 [ HASH CPA(X_STATUS) ]
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] Hash => 20 bytes @ 0x7f02e8000db0
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] 0: D6 04 06 51 77 2F 20 F2 B7 E5 E3 B4 09 C8 2A 15 ...Qw/ .......*.
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] 16: 90 7A 15 C5 .z..
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] IKE_SA CiscoIPSec[65] established between 10.0.0.17[gate1.example.com]...10.0.0.13[C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com]
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] IKE_SA CiscoIPSec[65] state change: CONNECTING => ESTABLISHED
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] scheduling reauthentication in 9754s
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] maximum IKE_SA lifetime 10294s
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] activating new tasks
Mar 11 07:26:55 srvl047 ipsec[11514]: 07[MGR] checkout IKE_SA
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[IKE] nothing to initiate
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 ipsec[11514]: 13[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 ipsec[11514]: 07[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 ipsec[11514]: 07[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:55 srvl047 ipsec[11514]: 07[MGR] check-in of IKE_SA successful.
Mar 11 07:26:55 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:55 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[MGR] checkout IKE_SA by message
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[ENC] parsed QUICK_MODE request 4271440881 [ HASH SA No ID ID ]
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] Hash(1) => 20 bytes @ 0x7f0308001320
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] 0: CB D3 B6 FD C4 69 05 86 31 19 3E 4B 9A 3A 6C 53 .....i..1.>K.:lS
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] 16: 8D 58 0C 04 .X..
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[CFG] looking for a child config for 172.19.96.0/19 === 172.19.97.68/32
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[CFG] proposing traffic selectors for us:
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[CFG] 172.19.96.0/19
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[CFG] proposing traffic selectors for other:
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[CFG] dynamic
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] no matching CHILD_SA config found
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] queueing INFORMATIONAL task
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] activating new tasks
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] activating INFORMATIONAL task
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] Hash => 20 bytes @ 0x7f0308007290
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] 0: D5 F0 2A 1B 3E 64 C1 34 85 72 40 53 03 80 16 7E ..*.>d.4.r at S...~
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[IKE] 16: 70 AA 8F DE p...
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[ENC] generating INFORMATIONAL_V1 request 3506972368 [ HASH N(INVAL_ID) ]
Mar 11 07:26:55 srvl047 ipsec[11514]: 06[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555] (76 bytes)
Mar 11 07:26:58 srvl047 charon: 29[MGR] checkout IKE_SA
Mar 11 07:26:58 srvl047 charon: 29[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:58 srvl047 charon: 29[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:58 srvl047 charon: 29[MGR] check-in of IKE_SA successful.
Mar 11 07:26:59 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:26:59 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:26:59 srvl047 charon: 15[MGR] checkout IKE_SA by message
Mar 11 07:26:59 srvl047 charon: 15[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:59 srvl047 charon: 15[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:26:59 srvl047 charon: 15[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:26:59 srvl047 charon: 15[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:59 srvl047 charon: 15[MGR] check-in of IKE_SA successful.
Mar 11 07:26:59 srvl047 charon: 31[MGR] checkout IKE_SA
Mar 11 07:26:59 srvl047 charon: 31[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:26:59 srvl047 charon: 31[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:26:59 srvl047 charon: 31[MGR] check-in of IKE_SA successful.
Mar 11 07:27:02 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:02 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:02 srvl047 charon: 19[MGR] checkout IKE_SA by message
Mar 11 07:27:02 srvl047 charon: 19[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:02 srvl047 charon: 19[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:02 srvl047 charon: 19[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:02 srvl047 charon: 19[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:02 srvl047 charon: 19[MGR] check-in of IKE_SA successful.
Mar 11 07:27:05 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:05 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:05 srvl047 charon: 12[MGR] checkout IKE_SA by message
Mar 11 07:27:05 srvl047 charon: 12[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:05 srvl047 charon: 12[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:05 srvl047 charon: 12[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:05 srvl047 charon: 12[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:05 srvl047 charon: 12[MGR] check-in of IKE_SA successful.
Mar 11 07:27:08 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:08 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:08 srvl047 charon: 10[MGR] checkout IKE_SA by message
Mar 11 07:27:08 srvl047 charon: 10[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:08 srvl047 charon: 10[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:08 srvl047 charon: 10[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:08 srvl047 charon: 10[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:08 srvl047 charon: 10[MGR] check-in of IKE_SA successful.
Mar 11 07:27:11 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:11 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:11 srvl047 charon: 22[MGR] checkout IKE_SA by message
Mar 11 07:27:11 srvl047 charon: 22[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:11 srvl047 charon: 22[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:11 srvl047 charon: 22[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:11 srvl047 charon: 22[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:11 srvl047 charon: 22[MGR] check-in of IKE_SA successful.
Mar 11 07:27:14 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:14 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:14 srvl047 charon: 22[MGR] checkout IKE_SA by message
Mar 11 07:27:14 srvl047 charon: 22[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:14 srvl047 charon: 22[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:14 srvl047 charon: 22[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:14 srvl047 charon: 22[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:14 srvl047 charon: 22[MGR] check-in of IKE_SA successful.
Mar 11 07:27:17 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:17 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:17 srvl047 charon: 08[MGR] checkout IKE_SA by message
Mar 11 07:27:17 srvl047 charon: 08[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:17 srvl047 charon: 08[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:17 srvl047 charon: 08[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:17 srvl047 charon: 08[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:17 srvl047 charon: 08[MGR] check-in of IKE_SA successful.
Mar 11 07:27:21 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:21 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:21 srvl047 charon: 28[MGR] checkout IKE_SA by message
Mar 11 07:27:21 srvl047 charon: 28[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:21 srvl047 charon: 28[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:21 srvl047 charon: 28[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:21 srvl047 charon: 28[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:21 srvl047 charon: 28[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 06[IKE] activating new tasks
Mar 11 07:27:24 srvl047 ipsec[11514]: 03[NET] sending packet: from 10.0.0.17[4500] to 10.0.0.13[52555]
Mar 11 07:27:24 srvl047 ipsec[11514]: 06[IKE] nothing to initiate
Mar 11 07:27:24 srvl047 ipsec[11514]: 06[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 06[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 29[MGR] checkout IKE_SA
Mar 11 07:27:24 srvl047 ipsec[11514]: 29[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 29[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 29[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 15[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 15[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 15[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 15[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 15[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 15[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 31[MGR] checkout IKE_SA
Mar 11 07:27:24 srvl047 ipsec[11514]: 31[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 31[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 31[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 19[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 19[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 19[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 19[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 19[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 19[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 12[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 12[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 12[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 12[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 12[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 12[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 10[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 charon: 29[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 charon: 29[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 charon: 29[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 charon: 29[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 charon: 29[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 charon: 29[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 10[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 10[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 10[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 10[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 10[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 22[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 08[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 08[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 08[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 08[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 08[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 08[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 ipsec[11514]: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (300 bytes)
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[IKE] received retransmit of request with ID 4271440881, but no response to retransmit
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 ipsec[11514]: 28[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 charon: 11[MGR] checkout IKE_SA
Mar 11 07:27:24 srvl047 charon: 11[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 charon: 11[MGR] checkin IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 charon: 11[MGR] check-in of IKE_SA successful.
Mar 11 07:27:24 srvl047 charon: 02[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500]
Mar 11 07:27:24 srvl047 charon: 02[NET] waiting for data on sockets
Mar 11 07:27:24 srvl047 charon: 07[MGR] checkout IKE_SA by message
Mar 11 07:27:24 srvl047 charon: 07[MGR] IKE_SA CiscoIPSec[65] successfully checked out
Mar 11 07:27:24 srvl047 charon: 07[NET] received packet: from 10.0.0.13[52555] to 10.0.0.17[4500] (92 bytes)
Mar 11 07:27:24 srvl047 charon: 07[ENC] parsed INFORMATIONAL_V1 request 3393291886 [ HASH D ]
Mar 11 07:27:24 srvl047 charon: 07[IKE] Hash => 20 bytes @ 0x7f0300003770
Mar 11 07:27:24 srvl047 charon: 07[IKE] 0: 54 9D 83 95 4D 52 F5 4F 31 C9 5B 9E 58 18 22 62 T...MR.O1.[.X."b
Mar 11 07:27:24 srvl047 charon: 07[IKE] 16: 43 CF 51 63 C.Qc
Mar 11 07:27:24 srvl047 charon: 07[IKE] received DELETE for IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 charon: 07[IKE] deleting IKE_SA CiscoIPSec[65] between 10.0.0.17[gate1.example.com]...10.0.0.13[C=DE, O=example AG, OU=TI, CN=ppcm018.ws.example.com]
Mar 11 07:27:24 srvl047 charon: 07[IKE] IKE_SA CiscoIPSec[65] state change: ESTABLISHED => DELETING
Mar 11 07:27:24 srvl047 charon: 07[IKE] IKE_SA CiscoIPSec[65] state change: DELETING => DELETING
Mar 11 07:27:24 srvl047 charon: 07[MGR] checkin and destroy IKE_SA CiscoIPSec[65]
Mar 11 07:27:24 srvl047 charon: 07[IKE] IKE_SA CiscoIPSec[65] state change: DELETING => DESTROYING
Mar 11 07:27:24 srvl047 charon: 07[MGR] check-in and destroy of IKE_SA successful
More information about the Users
mailing list