[Feb 11 20:37:33]iked_config_process_config_list, configuration diff complete [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] *** Processing received packet from 192.168.11.11:500 to 192.168.13.13:0 VR 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_start: [8c11800/0] Processing received [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] Failed to find IKEv1 SA for given spi [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_v1_create_sa: [8c11800/0] No IKE SA for packet; requesting permission to create one. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_rate_limit: Soft limit for p1 negotiation 100.Current active p1 negotiations 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] New connection from 192.168.11.11:500 allowed [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_connect_decision: [8c11800/0] Pad allows connection [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Packet from 192.168.11.11:500, use_natt=0 data[0..284] = 66d3e0d1 4604eb50 00000000 00000000 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_get_sa: Start, SA = { 66d3e0d1 4604eb50 - 00000000 00000000 } / 00000000, remote = 192.168.11.11:500 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_get_sa: We are responder and this is initiators first packet [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_cookie_create: Cookie create [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] 00000000: d246 2a04 d4c2 c7e9 .F*..... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_sa_allocate: Start, SA = { 66d3e0d1 4604eb50 - d2462a04 d4c2c7e9 } [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: New SA [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_init_isakmp_sa: Start, remote = 192.168.11.11:500, initiator = 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_new_connection: New ISAKMP connection from remote address 192.168.11.11/500 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_alloc: Taking reference to fallback negotiation 8c7a800 (now 1 references) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation 8c7a800 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_set_thread_debug_info: ikev2_fb_new_connection: set thread debug info - local 192.168.13.13 remote 192.168.11.11 neg 0x8c7a800 neg->ike_sa 0x0 ike_sa 0x0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_packet_destroy: [8c11800/0] Destructor [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_packet_free: [8c11800/0] Freeing [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_p1_negotiation_allocate_sa: Taking reference to fallback negotiation 8c7a800 (now 2 references) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_set_thread_debug_info: ikev2_fb_p1_negotiation_allocate_sa: set thread debug info - local 192.168.13.13 remote 192.168.11.11 neg 0x8c7a800 neg->ike_sa 0x0 ike_sa 0x0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_p1_negotiation_wait_sa_done: Suspending until the IKE SA is done (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_new_p1_connection_start: FB; Calling v2 policy function ike_sa_allocate [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_p1_sa_alloc: Incremented active p1 negotiations.Current active p1 negotiations 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] chassis 0 fpc 0 pic 0 kmd-instance 0 current tunnel id 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] Allocated IKE SA index 4488225, ref cnt 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] P1 SA 4488225 start timer. timer duration 30, reason 1. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_ike_sa_allocate_cb: New IKE SA allocated successfully 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ike_sa_take_ref: Calling ike_sa_take_ref [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] Taking reference to P1 SA 4488225 to ref count 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ike_sa_take_ref: Calling ike_sa_take_ref [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] Taking reference to P1 SA 4488225 to ref count 2 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data: Calling exchange_data_alloc [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_exchange_data_alloc: Successfully inserted pm_ed 8c78e00 into list for sa_cfg N/A [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] Exchange data allocated for IKE SA 4488225. VR 65535 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data: Successfully allocated exchange data for SA 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data_ike: Allocating IKE exchange data for SA 8c76400 ED 8c95028 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data_ike: Successfully allocated IKE exchange data for SA 8c76400 ED 8c95028 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data_ipsec: Allocating IPsec exchange data for SA 8c76400 ED 8c95028 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data_ipsec: Successfully allocated IPsec exchange data for SA 8c76400 ED 8c95028 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_isakmp_update_responder_cookie: Updating responder IKE cookie [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_isakmp_update_responder_cookie: Original IKE cookie [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] 00000000: d246 2a04 d4c2 c7e9 .F*..... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_isakmp_update_responder_cookie: New IKE cookie [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] 00000000: 8982 9bbf 324b c708 ....2K.. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_new_p1_connection_local_addresses: Accepting new Phase-1 negotiation: local=192.168.13.13:500, remote=192.168.11.11:500 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_new_p1_connection_local_addresses: FB; Calling v2 policy function get_local_address_list [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Fallback negotiation 8c7a800 has still 1 references [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_set_debug_gw_info: ssh_set_debug_gw_info: set gw debug info - local 192.168.13.13 remote 192.168.11.11 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708} / 00000000, nego = -1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: first_payload_type:1. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:13. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:0. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_payload_sa: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_payload_sa: Found 1 proposals [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_decode_payload_t: Start, # trans = 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 1 (0x0001), value = 5 (0x0005), size = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 4 (0x0004), value = 1 (0x0001), size = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 2 (0x0002), value = 1 (0x0001), size = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 11 (0x000b), value = 1 (0x0001), size = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size V: type = 12 (0x000c), len = 4 (0x0004), padding = 0, size = 8 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 3 (0x0003), value = 1 (0x0001), size = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 1 (0x0001), value = 5 (0x0005), len = 2, used_bytes = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 4 (0x0004), value = 1 (0x0001), len = 2, used_bytes = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 2 (0x0002), value = 1 (0x0001), len = 2, used_bytes = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 11 (0x000b), value = 1 (0x0001), len = 2, used_bytes = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode V: type = 12 (0x000c), len = 4 (0x0004), padding = 0, used_bytes = 8, value = 00015180 80030001 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 3 (0x0003), value = 1 (0x0001), len = 2, used_bytes = 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = Start sa negotiation R (2)/-1, exchange = 2, auth_method = any, Responder [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = Start sa negotiation R (2) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[0] = ike_st_i_vid [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for RFC 3706 (Dead Peer Detection) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for draft-stenberg-ipsec-nat-traversal-01 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for draft-stenberg-ipsec-nat-traversal-02 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for draft-ietf-ipsec-nat-t-ike-00 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Received NAT-T vendor id [draft-ietf-ipsec-nat-t-ike-02] [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for draft-ietf-ipsec-nat-t-ike-02 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Received NAT-T vendor id [draft-ietf-ipsec-nat-t-ike-02] [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for draft-ietf-ipsec-nat-t-ike-02 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Received NAT-T vendor id [draft-ietf-ipsec-nat-t-ike-03] [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for draft-ietf-ipsec-nat-t-ike-03 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 16, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Received NAT-T vendor id [RFC 3947] [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for RFC 3947 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: Received vendor ID, length 28, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_check_natt_vendor_id: Start ike_sa 8c76400 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_vendor_id: FB; Calling v2 policy function vendor_id [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_received_vendor_id: Received vendor-id for NetScreen Technologies [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[1] = ike_st_i_sa_proposal [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_sa_proposal: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_select_sa: Select IKE SA policy call entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_select_sa: Taking reference to fallback negotiation 8c7a800 (now 2 references) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_set_thread_debug_info: ikev2_fb_isakmp_select_sa: set thread debug info - local 192.168.13.13 remote 192.168.11.11 neg 0x8c7a800 neg->ike_sa 0x8c76400 ike_sa 0x0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Input function[1] = ike_st_i_sa_proposal asked retry later [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_process_packet: No output packet, returning [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_select_ike_sa: FB; Calling v2 policy function select_ike_sa [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] Parsing notification payload for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] Search for a tunnel matching the IKE peers, local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG SRX-11 by ip address for local:192.168.13.13, remote:192.168.11.11 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_id_validate NO remote ID, skip validation. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] address based lookup successful: Sa_cfg:SRX-11 Gateway:SRX-11 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Comparing transforms of protocol 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Comparing input transform #0 against policy transform #0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Transform id 1 matches, comparing attributes [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing 6 input attributes against 6 policy attributes [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input and policy attributes of type 1 match [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input and policy attributes of type 4 match [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 2 against policy attribute 2 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input and policy attributes of type 2 match [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input attribute 3 is life type/duration, ignoring [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input attribute 4 is life type/duration, ignoring [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 5 against policy attribute 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 5 against policy attribute 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 5 against policy attribute 2 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 5 against policy attribute 3 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 5 against policy attribute 4 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 5 against policy attribute 5 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input and policy attributes of type 3 match [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Attributes matched successfully [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Setting life in seconds to 86400 from policy [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Protocols match [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Selected transform id 1 for protocol 1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sav1_select: Proposals match [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 1 (0x0001), value = 5 (0x00000005), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 4 (0x0004), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 2 (0x0002), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 11 (0x000b), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 12 (0x000c), value = 86400 (0x00015180), len = 4 (0x0004) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 3 (0x0003), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_spd_select_sa_cb: Diffie-Hellman group number 1 selected [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_spd_select_sa_cb: Authentication method number 1 selected [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_spd_select_sa_cb: Set IKE SA lifetime to 86400 seconds [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_isakmp_sa_reply: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 1 (0x0001), value = 5 (0x00000005), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 4 (0x0004), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 2 (0x0002), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 11 (0x000b), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 12 (0x000c), value = 86400 (0x00015180), len = 4 (0x0004) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 3 (0x0003), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Fallback negotiation 8c7a800 has still 1 references [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_set_debug_gw_info: ssh_set_debug_gw_info: set gw debug info - local 192.168.13.13 remote 192.168.11.11 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_restart_packet: Start, restart packet SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = Start sa negotiation R (2)/1, exchange = 2, auth_method = pre shared key, Responder [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = Start sa negotiation R (2) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[1] = ike_st_i_sa_proposal [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_sa_proposal: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[2] = ike_st_i_cr [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_cr: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[3] = ike_st_i_cert [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_cert: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[4] = ike_st_i_status_n [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[5] = ike_st_i_private [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_i_private: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[0] = ike_st_o_sa_values [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_o_sa_values: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[1] = ike_st_o_optional_certs [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[2] = ike_st_o_vids [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_request_vendor_ids: Request vendor ID's policy call entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_request_vendor_ids: FB; Calling v2 policy function vendor_id_request [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_vid_request_cb: Got a VID of length 16 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_request_vendor_id: Sending VID RFC 3706 (Dead Peer Detection) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_vid_request_cb: Got a VID of length 16 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_request_vendor_id: Sending VID RFC 3947 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_vid_request_cb: Got a VID of length 28 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_request_vendor_id: Sending VID NetScreen Technologies [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_vid_request_cb: No more VIDs [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_isakmp_vendor_ids: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[3] = ike_st_o_private [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_st_o_private: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_out: Phase-I output: packet_number 2 ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase1_pending_natt_operations: Processing pending NAT-T operations [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_out: FB; Calling v2 policy function private_payload_request [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_private_payload_out: Start [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_state_step: All done, new state = MM SA R (4) [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Start, SA = { 0x66d3e0d1 4604eb50 - 89829bbf 324bc708 } / 00000000, nego = -1 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 1 (0x0001), len = 2, value = 0005 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 4 (0x0004), len = 2, value = 0001 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 2 (0x0002), len = 2, value = 0001 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 11 (0x000b), len = 2, value = 0001 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode V: type = 12 (0x000c), len = 4 (0x0004), value = 00015180 ... [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 3 (0x0003), len = 2, value = 0001 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 56 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 32 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Packet length = 156 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Final length = 156 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Start, send SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1, dst = 192.168.11.11:500, routing table id = 0 [Feb 11 20:39:52][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Inserting retransmission timer after 10.000000 seconds [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_allocate: Allocated packet 8c11c00 from freelist [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_allocate: [8c11c00/0] Allocating [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] *** Processing received packet from 192.168.11.11:500 to 192.168.13.13:0 VR 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_start: [8c11c00/0] Processing received [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Found IKEv1 SA [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_v1_get_sa: [8c11c00/deadbeee] Packet to existing v1 SA [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Packet from 192.168.11.11:500, use_natt=0 data[0..188] = 66d3e0d1 4604eb50 89829bbf 324bc708 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_get_sa: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } / 00000000, remote = 192.168.11.11:500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Old negotiation message_id = 00000000, slot -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708} / 00000000, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: first_payload_type:4. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:10. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:20. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_check: New Phase-I private payload: private_payload_id 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_check: RFC 3947 NAT-D payload [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:20. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_check: New Phase-I private payload: private_payload_id 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_check: RFC 3947 NAT-D payload [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:0. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = MM SA R (4)/-1, exchange = 2, auth_method = pre shared key, Responder [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM done I (9), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM final I (12), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM done R (13), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 2, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 2, fields = 000c / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 2, fields = 000c / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 2, fields = 001f / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 2, fields = 0008 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 3, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 3, fields = 0016 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 3, fields = 0016 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 3, fields = 0037 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 4, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = MM SA R (4) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[0] = ike_st_i_nonce [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_nonce: Start, nonce[0..16] = debff51e aea541fe ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[1] = ike_st_i_ke [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_ke: Ke[0..96] = edc7f17e 0f741f0b ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[2] = ike_st_i_cr [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_cr: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[3] = ike_st_i_cert [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_cert: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[4] = ike_st_i_status_n [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[5] = ike_st_i_vid [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[6] = ike_st_i_private [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_private: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_in: Phase-I input: packet_number 3 ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_in: New payload: packet_number=3, private_payload_id=20: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: 1b67 f85b 3cf0 60e7 37ee f2c4 f721 0c30 .g.[<.`.7....!.0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: Start ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: First payload: checking local ID [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Start ip = 192.168.13.13 port = 500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Hash input: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: 66d3 e0d1 4604 eb50 8982 9bbf 324b c708 f...F..P....2K.. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000010: c0a8 0d0d 01f4 ...... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: ID hash: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: 1b67 f85b 3cf0 60e7 37ee f2c4 f721 0c30 .g.[<.`.7....!.0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: Local end not behind NAT [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_in: Phase-I input: packet_number 3 ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_in: New payload: packet_number=3, private_payload_id=20: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: b87a f905 ba61 ede4 156c d66e e194 cd73 .z...a...l.n...s [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: Start ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: Not first payload: checking remote ID [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Start ip = 192.168.11.11 port = 500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Hash input: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: 66d3 e0d1 4604 eb50 8982 9bbf 324b c708 f...F..P....2K.. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000010: c0a8 0b0b 01f4 ...... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: ID hash: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: b87a f905 ba61 ede4 156c d66e e194 cd73 .z...a...l.n...s [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_natt_hash_choice: Remote end not behind NAT [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[0] = ike_st_o_ke [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_ke: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Using software for dh_gen operation [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Inside kmd_sw_dh_gen... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[1] = ike_st_o_nonce [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_nonce: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_nonce_data_len: Entered [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_isakmp_nonce_data_len: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[2] = ike_st_o_get_pre_shared_key [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_find_pre_shared_key: Find pre shared key key for 192.168.13.13:500, id = No Id -> 192.168.11.11:500, id = No Id [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_find_pre_shared_key: Find pre-shared key policy call entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_find_pre_shared_key: Taking reference to fallback negotiation 8c7a800 (now 2 references) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_thread_debug_info: ikev2_fb_find_pre_shared_key: set thread debug info - local 192.168.13.13 remote 192.168.11.11 neg 0x8c7a800 neg->ike_sa 0x8c76400 ike_sa 0x0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Output function[2] = ike_st_o_get_pre_shared_key asked retry later [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_process_packet: No output packet, returning [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_destroy: [8c11c00/deadbeee] Destructor [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_free: [8c11c00/deadbeee] Freeing [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_find_pre_shared_key: FB; Calling v2 policy function shared_key [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_pre_shared_key Start... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_phase1_sa_cfg_lookup_by_addr: Found SA-CFG SRX-11 by ip address for local:192.168.13.13, remote:192.168.11.11 IKEv1 remote_port:500 ksa_cfg_remote_port=0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_id_validate NO remote ID, skip validation. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] address based lookup successful: Sa_cfg:SRX-11 Gateway:SRX-11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_id_validate NO remote ID, skip validation. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_find_pre_shared_key_cb: Found preshared key [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_find_pre_shared_key: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Fallback negotiation 8c7a800 has still 1 references [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_debug_gw_info: ssh_set_debug_gw_info: set gw debug info - local 192.168.13.13 remote 192.168.11.11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_restart_packet: Start, restart packet SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = MM SA R (4)/258, exchange = 2, auth_method = pre shared key, Responder [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM done I (9), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM final I (12), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM done R (13), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 2, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 2, fields = 000c / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 2, fields = 000c / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 2, fields = 001f / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 2, fields = 0008 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 3, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 3, fields = 0016 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 3, fields = 0016 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 3, fields = 0037 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 4, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = MM SA R (4) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[2] = ike_st_o_get_pre_shared_key [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_find_pre_shared_key: Find pre shared key key for 192.168.13.13:500, id = No Id -> 192.168.11.11:500, id = No Id [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[3] = ike_st_o_private [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_private: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_out: Phase-I output: packet_number 4 ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase1_pending_natt_operations: Processing pending NAT-T operations [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_handle_send_hash_id: Adding NAT-D payloads: ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Start ip = 192.168.11.11 port = 500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Hash input: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: 66d3 e0d1 4604 eb50 8982 9bbf 324b c708 f...F..P....2K.. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000010: c0a8 0b0b 01f4 ...... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_private_payload_out: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Start ip = 192.168.13.13 port = 500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_as_hashed_string: Hash input: [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000000: 66d3 e0d1 4604 eb50 8982 9bbf 324b c708 f...F..P....2K.. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 00000010: c0a8 0d0d 01f4 ...... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_private_payload_out: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_out: FB; Calling v2 policy function private_payload_request [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_private_payload_out: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[4] = ike_st_o_calc_skeyid [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_calc_skeyid: Calculating skeyid [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Using software for dh_comp operation [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Inside kmd_sw_dh_comp... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_find_pre_shared_key: Find pre shared key key for 192.168.13.13:500, id = No Id -> 192.168.11.11:500, id = No Id [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: All done, new state = MM KE R (6) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Start, SA = { 0x66d3e0d1 4604eb50 - 89829bbf 324bc708 } / 00000000, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 100 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Packet length = 188 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Final length = 188 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Start, send SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1, dst = 192.168.11.11:500, routing table id = 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Inserting retransmission timer after 10.000000 seconds [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_allocate: Allocated packet 8c25000 from freelist [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_allocate: [8c25000/0] Allocating [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] *** Processing received packet from 192.168.11.11:500 to 192.168.13.13:0 VR 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_start: [8c25000/0] Processing received [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Found IKEv1 SA [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_v1_get_sa: [8c25000/deadbeee] Packet to existing v1 SA [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Packet from 192.168.11.11:500, use_natt=0 data[0..92] = 66d3e0d1 4604eb50 89829bbf 324bc708 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_get_sa: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } / 00000000, remote = 192.168.11.11:500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Old negotiation message_id = 00000000, slot -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708} / 00000000, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: first_payload_type:5. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Decrypting packet [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:8. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:11. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:0. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = MM KE R (6)/-1, exchange = 2, auth_method = pre shared key, Responder [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM done I (9), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM final I (12), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM done R (13), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 2, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 2, fields = 000c / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 2, fields = 000c / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 2, fields = 001f / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 2, fields = 0008 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 3, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 3, fields = 0016 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 3, fields = 0016 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 3, fields = 0037 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 4, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = MM KE R (6) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[0] = ike_st_i_encrypt [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_encrypt: Check that packet was encrypted succeeded [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[1] = ike_st_i_id [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[2] = ike_st_i_hash [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_hash: Start, hash[0..16] = a4bfde35 16be4785 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_calc_mac: Start, initiator = false, local = false [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[3] = ike_st_i_cert [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_cert: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[4] = ike_st_i_status_n [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_status_n: Start, doi = 1, protocol = 1, code = Initial contact notification (24578), spi[0..16] = 66d3e0d1 4604eb50 ..., data[0..0] = 00000000 00000000 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_check_isakmp_spi: Spi match [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_check_isakmp_spi: Spi match [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_status_n: Initial contact [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase_i_notification: Phase-I notification call entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_spd_notify_received: Received authenticated notification payload unknown from local:192.168.13.13 remote:192.168.11.11 IKEv1 for P1 SA 4488225 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase_i_notification: Got initial contact notification [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase_i_notification: Registering initial contact notification from `192.168.11.11' [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[5] = ike_st_i_vid [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[6] = ike_st_i_private [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_private: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[0] = ike_st_o_id [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_id: IKE ID policy call entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_isakmp_id: Taking reference to fallback negotiation 8c7a800 (now 2 references) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_thread_debug_info: ikev2_fb_isakmp_id: set thread debug info - local 192.168.13.13 remote 192.168.11.11 neg 0x8c7a800 neg->ike_sa 0x8c76400 ike_sa 0x0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Output function[0] = ike_st_o_id asked retry later [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_process_packet: No output packet, returning [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_destroy: [8c25000/deadbeee] Destructor [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_free: [8c25000/deadbeee] Freeing [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_id_request: FB; Calling v2 policy function id [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_id_request_cb: Local id payload is ID(type = ipv4 (1), len = 4, value = 192.168.13.13) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_idv2_to_idv1: Converting the IKEv2 payload ID ID(type = ipv4 (1), len = 4, value = 192.168.13.13) to IKEv1 ID [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_idv2_to_idv1: IKEv2 payload ID converted to IKEv1 payload ID ipv4(any:0,[0..3]=192.168.13.13) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_isakmp_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Fallback negotiation 8c7a800 has still 1 references [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_debug_gw_info: ssh_set_debug_gw_info: set gw debug info - local 192.168.13.13 remote 192.168.11.11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_restart_packet: Start, restart packet SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = MM KE R (6)/256, exchange = 2, auth_method = pre shared key, Responder [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM done I (9), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM final I (12), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM done R (13), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 2, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 2, fields = 000c / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 2, fields = 000c / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 2, fields = 001f / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 2, fields = 0008 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 3, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 3, fields = 0016 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 3, fields = 0016 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 3, fields = 0037 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 4, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = MM KE R (6) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[0] = ike_st_o_id [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[1] = ike_st_o_hash [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_hash: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_calc_mac: Start, initiator = false, local = true [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[2] = ike_st_o_status_n [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_status_n: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[3] = ike_st_o_private [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_private: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_out: Phase-I output: packet_number 6 ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase1_pending_natt_operations: Processing pending NAT-T operations [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_1_out: FB; Calling v2 policy function private_payload_request [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_private_payload_out: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[4] = ike_st_o_encrypt [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_encrypt: Marking encryption for packet [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[5] = ike_st_o_wait_done [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_wait_done: Marking for waiting for done [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_all_done: MESSAGE: Phase 1 { 0x66d3e0d1 4604eb50 - 0x89829bbf 324bc708 } / 00000000, version = 1.0, xchg = Identity protect, auth_method = Pre shared keys, Responder, cipher = 3de [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] 192.168.13.13:500 (Responder) <-> 192.168.11.11:500 { 66d3e0d1 4604eb50 - 89829bbf 324bc708 [-1] / 0x00000000 } IP; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: All done, new state = MM final R (8) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Start, SA = { 0x66d3e0d1 4604eb50 - 89829bbf 324bc708 } / 00000000, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 12 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Packet length = 60 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Encrypting packet [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Final length = 60 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Start, send SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1, dst = 192.168.11.11:500, routing table id = 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Inserting retransmission timer after 10.000000 seconds [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_negotiation_done_isakmp: Entered IKE error code Connected notification (16384), IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase1_pending_natt_operations: Processing pending NAT-T operations [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_notify: Connected, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_p1_negotiation_wait_sa_done: Phase-I negotiation is now done (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_p1_negotiation_wait_sa_done: FB; Calling v2 policy function ike_sa_done [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_sa_done: local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_idv2_to_idv1: Converting the IKEv2 payload ID ID(type = ipv4 (1), len = 4, value = 192.168.11.11) to IKEv1 ID [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_idv2_to_idv1: IKEv2 payload ID converted to IKEv1 payload ID ipv4(any:0,[0..3]=192.168.11.11) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_id_validate called with id ipv4(any:0,[0..3]=192.168.11.11) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] kmd_ipaddr2ikeid: ipaddr = 192.168.11.11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_id_validate Use default id [ipv4(any:0,[0..3]=192.168.11.11)] [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_id_validate default id matched. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] IKE negotiation done for local:192.168.13.13, remote:192.168.11.11 IKEv1 with status: Error ok [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Parsing notification payload for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_lookup_peer_entry: Peer entry 0x0 Not FOUND for local 192.168.13.13:500 and remote 192.168.11.11:500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_create_peer_entry: Created peer entry 0x8c94c00 for local 192.168.13.13:500 remote 192.168.11.11:500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_fetch_or_create_peer_entry: Create peer entry 0x8c94c00 for local 192.168.13.13:500 remote 192.168.11.11:500. gw SRX-11, VR id 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_dist_table_entry_update : Dist table entry creation not needed [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_sa_done: Success to create or find peer_entry for local:192.168.13.13:500, remote:192.168.11.11:500 in ike sa done [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_sa_done_common_update: Decremented active p1 negotiations.Current active p1 negotiations 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] P1 SA 4488225 stop timer. timer duration 30, reason 1. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_peer_insert_p1sa_entry: Insert p1 sa 4488225 in peer entry 0x8c94c00 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_p1_sa_tree_entry_add: Adding p1_sa (sa_index:4488225) to IKE P1 SA P-tree, gw=192.168.11.11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_p1_sa_tree_entry_add: Added P1 SA node for: ike index: 4488225 remote ip: 192.168.11.11IKE P1_SA P-tree [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Processing Initial contact notification. New P1 SA index 4488225 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_p1_negotiation_destructor: Freeing fallback negotiation context [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Freeing fallback negotiation 8c7a800 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data: Freeing exchange data from SA 8c76400, ED 8c95028 (1) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data_ipsec: Freeing IPsec exchange data from SA 8c76400 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data_ipsec: Successfully freed IPsec exchange data from SA 8c76400 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data_ike: Freeing IKE exchange data from SA 8c76400 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data_ike: Successfully freed IKE exchange data from SA 8c76400 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data: Calling exchange_data_free [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Freeing P2 Ed for sa-cfg SRX-11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_unset_sa_cfg_p2_ed unset_sa_cfg_p2_ed, sa_cfg=SRX-11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_exchange_data_free: Successfully removed pm_ed 8c78e00 from list for sa_cfg N/A [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data: Successfully freed exchange data from SA 8c76400 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ike_sa_free: Calling ike_sa_free_ref [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Freeing reference to P1 SA 4488225 to ref count 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] *** Processing received packet from 192.168.11.11:500 to 192.168.13.13:0 VR 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_start: [8c25400/0] Processing received [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Found IKEv1 SA [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_v1_get_sa: [8c25400/deadbeee] Packet to existing v1 SA [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Packet from 192.168.11.11:500, use_natt=0 data[0..180] = 66d3e0d1 4604eb50 89829bbf 324bc708 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_get_sa: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } / d14e334b, remote = 192.168.11.11:500 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = MM final R (8)/-1, exchange = 2, auth_method = pre shared key, Responder [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = MM final R (8) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[0] = ike_st_o_done [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_done: ISAKMP SA negotiation done [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: All done, new state = Done (30) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Connected, sending notify [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_notify: Connected, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_negotiation_isakmp: Start, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_negotiation: Start, nego = -1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_free_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_alloc_negotiation: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708} [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_alloc_negotiation: Found slot 0, max 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: New quick mode negotiation message_id = d14e334b initialized, using slot 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_init_qm_negotiation: Start, initiator = 0, message_id = d14e334b [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_alloc: Taking reference to fallback negotiation 8c7a800 (now 1 references) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_alloc: Allocated fallback negotiation 8c7a800 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase_qm_set_pm_data: Taking reference to fallback negotiation 8c7a800 (now 2 references) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase_qm_set_pm_data: Setting FB negotiation 8c7a800 to qm_info 8c50380 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ike_sa_take_ref: Calling ike_sa_take_ref [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Taking reference to P1 SA 4488225 to ref count 2 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data: Calling exchange_data_alloc [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_exchange_data_alloc: Successfully inserted pm_ed 8c94000 into list for sa_cfg N/A [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Exchange data allocated for IKE SA 4488225. VR 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data: Successfully allocated exchange data for SA 8c76400 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data_ipsec: Allocating IPsec exchange data for SA 8c76400 ED 8c95028 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_allocate_exchange_data_ipsec: Successfully allocated IPsec exchange data for SA 8c76400 ED 8c95028 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_new_connection_phase_qm: Accepting new Quick-Mode negotiation: local=:500, remote=192.168.11.11:500 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_thread_debug_info: ikev2_fb_new_connection_phase_qm: set thread debug info - local 192.168.13.13 remote 192.168.11.11 neg 0x8c7a800 neg->ike_sa 0x8c76400 ike_sa 0x0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_debug_gw_info: ssh_set_debug_gw_info: set gw debug info - local 192.168.13.13 remote 192.168.11.11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708} / d14e334b, nego = 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: first_payload_type:8. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Decrypting packet [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:1. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:10. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:5. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:5. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:11. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:0. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_payload_sa: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_payload_sa: Found 1 proposals [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_decode_payload_t: Start, # trans = 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 6 (0x0006), value = 128 (0x0080), size = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 5 (0x0005), value = 1 (0x0001), size = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 1 (0x0001), value = 1 (0x0001), size = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size V: type = 2 (0x0002), len = 4 (0x0004), padding = 0, size = 8 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size B: type = 4 (0x0004), value = 1 (0x0001), size = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 6 (0x0006), value = 128 (0x0080), len = 2, used_bytes = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 5 (0x0005), value = 1 (0x0001), len = 2, used_bytes = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 1 (0x0001), value = 1 (0x0001), len = 2, used_bytes = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode V: type = 2 (0x0002), len = 4 (0x0004), padding = 0, used_bytes = 8, value = 000004b0 80040001 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute: decode B: type = 4 (0x0004), value = 1 (0x0001), len = 2, used_bytes = 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = Start QM R (15)/-1, exchange = 32, auth_method = any, Responder [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM done I (9), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM final I (12), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM done R (13), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 2, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 2, fields = 000c / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 2, fields = 000c / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 2, fields = 001f / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 2, fields = 0008 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 3, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 3, fields = 0016 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 3, fields = 0016 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 3, fields = 0037 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 4, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 4, fields = 0037 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 4, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start QM I (14), xchg = 32, auth = 1, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start QM R (15), xchg = 32, auth = 1, fields = 0031 / 0206 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = Start QM R (15) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[0] = ike_st_i_encrypt [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_encrypt: Check that packet was encrypted succeeded [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[1] = ike_st_i_qm_hash_1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_qm_hash_1: Start, hash[0..16] = a184ff65 8cc3b8c1 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[2] = ike_st_i_qm_nonce [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_qm_nonce: Nonce[0..16] = d3c79c64 4442e229 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[3] = ike_st_i_qm_ids [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[4] = ike_st_i_qm_ke [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[5] = ike_st_i_qm_sa_proposals [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_qm_sa_proposals: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_select_sa: Select QM SA policy call entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_allocate: Allocated ts 0x8bf3e00, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_allocate: Allocated ts 0x8bf3e20, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_select_sa: Taking reference to fallback negotiation 8c7a800 (now 3 references) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_thread_debug_info: ikev2_fb_qm_select_sa: set thread debug info - local 192.168.13.13 remote 192.168.11.11 neg 0x8c7a800 neg->ike_sa 0x8c76400 ike_sa 0x0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Input function[5] = ike_st_i_qm_sa_proposals asked retry later [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_process_packet: No output packet, returning [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_negotiation_wait_sa_installation: Suspending until the IPSec SA is installed (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_select_qm_sa_alloc_spi: FB; Calling v2 policy function ipsec_spi_allocate [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ipsec_spi_allocate: local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Allocated SPI [39951590]. proto 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Added (spi=0x90159539, protocol=0) entry to the spi table [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Parsing notification payload for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_ipsec_spi_allocate_cb: New IPSec SPI 90159539 allocated successfully (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_select_qm_sa_alloc_spi: FB; Calling v2 policy function ipsec_spi_allocate [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ipsec_spi_allocate: local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Allocated SPI [59385903]. proto 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Added (spi=0x3593859, protocol=0) entry to the spi table [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Parsing notification payload for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_ipsec_spi_allocate_cb: New IPSec SPI 3593859 allocated successfully (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_select_qm_sa_select: FB; Calling v2 policy function select_ipsec_sa [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Selecting IPSec SA payload for local:192.168.13.13 remote:192.168.11.11IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Peer's proposed IPSec SA payload is SA() [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Inside iked_pm_phase2_sa_cfg_lookup [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_allocate: Allocated ts 0x8bf3ea0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_allocate: Allocated ts 0x8bf3ec0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Peer's proposed traffic selectors is his local: ipv4(0.0.0.0-255.255.255.255) his remote: ipv4(0.0.0.0-255.255.255.255) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Configured traffic selectors is local: ipv4(0.0.0.0-255.255.255.255) Remote: ipv4(0.0.0.0-255.255.255.255) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_allocate: Allocated ts 0x8bf3ee0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3ee0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_allocate: Allocated ts 0x8bf3ee0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3ee0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3ea0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3ec0, ref_cnt 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Found SA-CFG SRX-11 by ip address for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Found SA-CFG SRX-11 for phase 2 for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Configured IPSec SA payload is SA() [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sa_select: SA_SELECT: Selecting IKEv1 proposal. [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sav1_select: Comparing 1 input proposals against 1 policy proposals [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sav1_select: Comparing input proposal #1 against policy proposal #1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Comparing 1 protocol(s) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Comparing transforms of protocol 3 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Comparing 1 input transforms against 1 policy transforms [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Comparing input transform #0 against policy transform #0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Transform id 12 matches, comparing attributes [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing 5 input attributes against 5 policy attributes [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 0 against policy attribute 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input and policy attributes of type 6 match [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 1 against policy attribute 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input and policy attributes of type 5 match [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input attribute 2 is life type/duration, ignoring [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Input attribute 3 is life type/duration, ignoring [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 4 against policy attribute 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 4 against policy attribute 1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 4 against policy attribute 2 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 4 against policy attribute 3 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Comparing input attribute 4 against policy attribute 4 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Attributes matched successfully [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_ikev1_attribute_check: Setting life in seconds to 1200 from policy [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_transform: Attributes match; selected input transform 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Protocols match [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Selected proposal number 1 and transforms for 1 protocols [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_choose_v1_proposal: Selected transform id 12 for protocol 3 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_sav1_select: Proposals match [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 6 (0x0006), value = 128 (0x00000080), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 5 (0x0005), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 1 (0x0001), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 2 (0x0002), value = 1200 (0x000004b0), len = 4 (0x0004) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 4 (0x0004), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_st_select_qm_sa_notify_request: FB; Calling v2 policy function notify_request [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Parsing notification payload for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_qm_sa_reply: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_qm_sa_reply: Selected proposal 0, and transform 0 for protocol 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 6 (0x0006), value = 128 (0x00000080), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 5 (0x0005), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 1 (0x0001), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 2 (0x0002), value = 1200 (0x000004b0), len = 4 (0x0004) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 4 (0x0004), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Fallback negotiation 8c7a800 has still 2 references [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_set_debug_gw_info: ssh_set_debug_gw_info: set gw debug info - local 192.168.13.13 remote 192.168.11.11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_restart_packet: Start, restart packet SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = Start QM R (15)/5, exchange = 32, auth_method = any, Responder [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM done I (9), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM final I (12), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM done R (13), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 2, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 2, fields = 000c / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 2, fields = 000c / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 2, fields = 001f / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 2, fields = 0008 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 3, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 3, fields = 0016 / 06e0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 3, fields = 0016 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 3, fields = 0037 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 4, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 4, fields = 0037 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 4, fields = 0020 / 0680 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start QM I (14), xchg = 32, auth = 1, fields = 0000 / 0000 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start QM R (15), xchg = 32, auth = 1, fields = 0031 / 0206 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = Start QM R (15) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[5] = ike_st_i_qm_sa_proposals [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_qm_sa_proposals: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[6] = ike_st_i_status_n [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_status_n: Start, doi = 1, protocol = 0, code = unknown (40001), spi[0..4] = e12cc87e 00000000 ..., data[0..8] = 00010004 ac13000b ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] :500 (Responder) <-> 192.168.11.11:500 { 66d3e0d1 4604eb50 - 89829bbf 324bc708 [0] / 0xd14e334b } QM; Invalid protocol_id = 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pv_audit_callback: Empty SSH audit event [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase_qm_notification: QM notification call entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_spd_notify_received: Received authenticated notification payload unknown from local:192.168.13.13 remote:192.168.11.11 IKEv1 for P1 SA 4488225 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Received NHTB payload from local:192.168.13.13, remote:192.168.11.11 IKEv1 P1 SA index 4488225 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_int: decode_int V: type = 1 (0x0001), value = -1408040949 (0xac13000b), len = 4 (0x0004) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Received NHTB private IP address 172.19.0.11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_decode_data_attribute_size: decode_size V: type = 1 (0x0001), len = 4 (0x0004), padding = 0, size = 8 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] QM notification `(null)' (40001) (size 8 bytes) from 192.168.11.11 for protocol Reserved spi[0...3]=e1 2c c8 7e [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[7] = ike_st_i_private [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_i_private: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[0] = ike_st_o_qm_hash_2 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_qm_hash_2: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[1] = ike_st_o_qm_sa_values [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_qm_sa_values: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 6 (0x0006), value = 128 (0x00000080), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 5 (0x0005), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 1 (0x0001), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 2 (0x0002), value = 1200 (0x000004b0), len = 4 (0x0004) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_get_data_attribute_int: get_int: type = 4 (0x0004), value = 1 (0x00000001), len = 2 (0x0002) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[2] = ike_st_o_qm_nonce [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_qm_nonce: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_nonce_data_len: Entered [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_qm_nonce_data_len: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[3] = ike_st_o_qm_optional_ke [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_qm_optional_ke: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[4] = ike_st_o_qm_optional_ids [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_qm_optional_ids: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_local_id: Using ipv4_subnet(any:0,[0..7]=0.0.0.0/0) as local QM identity [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_qm_local_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_remote_id: Using ipv4_subnet(any:0,[0..7]=0.0.0.0/0) as remote QM identity [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_qm_remote_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_qm_optional_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_qm_optional_id: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[5] = ike_st_o_qm_optional_responder_lifetime_n [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_qm_optional_responder_lifetime_n: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[6] = ike_st_o_private [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_private: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_qm_out: Phase-QM output: packet_number 2 ike_sa 8c76400 (neg 8c7a800) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_pending_natt_operations: Processing pending NAT-T operations [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_qm_out: No NAT-T present [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ikev2_fb_private_p_qm_out: FB; Calling v2 policy function private_payload_request [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Construction NHTB payload for local:192.168.13.13, remote:192.168.11.11 IKEv1 P1 SA index 4488225 sa-cfg SRX-11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] Role is responder. Using responder spi 0x7ec82ce1 for payload of sa-cfg SRX-11 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_private_payload_out: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_policy_reply_private_payload_out: Start [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[7] = ike_st_o_encrypt [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_st_o_encrypt: Marking encryption for packet [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_state_step: All done, new state = QM HASH SA R (17) [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Start, SA = { 0x66d3e0d1 4604eb50 - 89829bbf 324bc708 } / d14e334b, nego = 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 6 (0x0006), len = 2, value = 0080 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 5 (0x0005), len = 2, value = 0001 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 1 (0x0001), len = 2, value = 0001 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode V: type = 2 (0x0002), len = 4 (0x0004), value = 000004b0 ... [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ssh_ike_encode_data_attribute: encode B: type = 4 (0x0004), len = 2, value = 0001 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 56 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 20 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 16 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 16 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Payload length = 24 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Packet length = 180 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Calling finalizing function for payload[0].type = 8 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Encrypting packet [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_encode_packet: Final length = 180 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Start, send SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = 0, dst = 192.168.11.11:500, routing table id = 0 [Feb 11 20:39:53][192.168.13.13 <-> 192.168.11.11] ike_send_packet: Inserting retransmission timer after 10.000000 seconds [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_packet_allocate: Allocated packet 8c25800 from freelist [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_packet_allocate: [8c25800/0] Allocating [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] *** Processing received packet from 192.168.11.11:500 to 192.168.13.13:0 VR 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_start: [8c25800/0] Processing received [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Found IKEv1 SA [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_packet_st_input_v1_get_sa: [8c25800/deadbeee] Packet to existing v1 SA [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Packet from 192.168.11.11:500, use_natt=0 data[0..52] = 66d3e0d1 4604eb50 89829bbf 324bc708 ... [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_get_sa: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } / d14e334b, remote = 192.168.11.11:500 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_sa_find: Found SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708 } [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Finding negotiation for d14e334b, [0].message-id = d14e334b [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_udp_callback_common: Old negotiation message_id = d14e334b, slot 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Start, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708} / d14e334b, nego = 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: first_payload_type:8. [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: Decrypting packet [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_decode_packet: next_payload_type:0. [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Current state = QM HASH SA R (17)/-1, exchange = 32, auth_method = any, Responder [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation R (2), xchg = 4, auth = 0, fields = 0017 / 06e0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 2, auth = 0, fields = 0000 / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 3, fields = 0000 / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 2, fields = 0000 / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start sa negotiation I (1), xchg = 4, auth = 4, fields = 0000 / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final R (8), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM done I (9), xchg = 2, auth = 0, fields = ffff / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM final I (12), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM done R (13), xchg = 4, auth = 0, fields = ffff / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 2, fields = 0001 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 2, fields = 0012 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 2, fields = 000c / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 2, fields = 000c / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 2, fields = 001f / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 2, fields = 0008 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 3, fields = 0001 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 3, fields = 0016 / 06e0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 3, fields = 0016 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 3, fields = 0037 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 3, fields = 0020 / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 4, fields = 0001 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA R (4), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE I (5), xchg = 2, auth = 4, fields = 0012 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM KE R (6), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM final I (7), xchg = 2, auth = 4, fields = 0024 / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA I (10), xchg = 4, auth = 4, fields = 0037 / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = AM SA R (11), xchg = 4, auth = 4, fields = 0020 / 0680 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = MM SA I (3), xchg = 2, auth = 0, fields = 0001 / 06c0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start QM I (14), xchg = 32, auth = 1, fields = 0000 / 0000 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = Start QM R (15), xchg = 32, auth = 1, fields = 0031 / 0206 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = QM HASH SA I (16), xchg = 32, auth = 1, fields = 0031 / 0206 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matching with state = QM HASH SA R (17), xchg = 32, auth = 1, fields = 0020 / 0200 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Matched state = QM HASH SA R (17) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[0] = ike_st_i_encrypt [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_st_i_encrypt: Check that packet was encrypted succeeded [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[1] = ike_st_i_qm_hash_3 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_st_i_qm_hash_3: Start, hash[0..16] = 0011c69e cc2ca5d7 ... [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[2] = ike_st_i_status_n [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling input function[3] = ike_st_i_private [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_st_i_private: Start [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: Calling output function[0] = ike_st_o_qm_wait_done [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] :500 (Responder) <-> 192.168.11.11:500 { 66d3e0d1 4604eb50 - 89829bbf 324bc708 [0] / 0xd14e334b } QM; MESSAGE: Phase 2 connection succeeded, No PFS, group = 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_qm_call_callback: MESSAGE: Phase 2 connection succeeded, No PFS, group = 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] :500 (Responder) <-> 192.168.11.11:500 { 66d3e0d1 4604eb50 - 89829bbf 324bc708 [0] / 0xd14e334b } QM; MESSAGE: SA[0][0] = ESP aes, life = 0 kB/1200 sec, group = 0, tunnel, hmac-md5-9 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_qm_call_callback: MESSAGE: SA[0][0] = ESP aes, life = 0 kB/1200 sec, group = 0, tunnel, hmac-md5-96, Extended seq not used, key len = 128, key rounds = 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_sa_handler: SA handler entered, IKE SA 8c76400 (neg 8c7a800) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_sa_handler: Outbound SPI 7ec82ce1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_fill_keymat: Generate keys for inbound ESP transform, SPI 90159539, key length 32 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_fill_keymat: Inbound ESP key: [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000000: be6c 7eb4 ecf6 2112 e9fc 06ae 724f d33f .l~...!.....rO.? [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000010: 4d21 aa3b eb70 d0d0 4b93 7ead 3417 69f4 M!.;.p..K.~.4.i. [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_fill_keymat: Generate keys for outbound ESP transform, SPI 7ec82ce1, key length 32 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_fill_keymat: Outbound ESP key: [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000000: 5d68 523d e298 166d cb8f d47e 3b66 16bf ]hR=...m...~;f.. [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000010: 047b d56e 6993 a4c7 acc1 097e d050 d721 .{.ni......~.P.! [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_fill_keymat: Keymat, length 64 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000000: be6c 7eb4 ecf6 2112 e9fc 06ae 724f d33f .l~...!.....rO.? [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000010: 4d21 aa3b eb70 d0d0 4b93 7ead 3417 69f4 M!.;.p..K.~.4.i. [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000020: 5d68 523d e298 166d cb8f d47e 3b66 16bf ]hR=...m...~;f.. [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] 00000030: 047b d56e 6993 a4c7 acc1 097e d050 d721 .{.ni......~.P.! [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_sa_handler: Calling ipsec_spi_delete [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_pm_ipsec_spi_delete: Received IPsec SPI delete for SPI 0x03593859 from the IKE library [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_sa_handler: FB; Calling v2 policy function ipsec_sa_install [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_pm_ipsec_sa_install: local:192.168.13.13, remote:192.168.11.11 IKEv1 for SA-CFG SRX-11 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Parsing notification payload for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_update_sa_cfg_port sa_cfg(SRX-11) local_port(0)and remote_port(500) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_pm_ipsec_sa_create: encr key len 16, auth key len: 16, salt len: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Creating a SA spi=0x90159539, proto=ESP pair_index = 1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Added (spi=0x90159539, protocol=ESP dst=192.168.13.13) entry to the peer hash table [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_sa_cfg_update_sa_cfg_child_sa_count Parent not found for sa_cfg SRX-11 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_lookup_peer_entry: Peer entry 0x8c94c00 FOUND for local 192.168.13.13:500 and remote 192.168.11.11:500 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Peer entry exist for local 192.168.13.13:500 and remote 192.168.11.11:500 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_peer_insert_sa_cfg_entry: insert sa_cfg tunnel_id entry 131073 into peer entry 0x8c94c00 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Creating a SA spi=0x7ec82ce1, proto=ESP pair_index = 1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Added (spi=0x7ec82ce1, protocol=ESP dst=192.168.11.11) entry to the peer hash table [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_sa_cfg_update_sa_cfg_child_sa_count Parent not found for sa_cfg SRX-11 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_nhtb_update_on_sa_create: Interface st0.0 is P2P for sa_cfg SRX-11. Thus ignoring NHTB notification message [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_pm_ipsec_sa_install: SA LIFE CREATED time 1392151194 with HARD LIFETIME SECONDS 1200 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Hardlife timer started for inbound SRX-11 with 1200 seconds/0 kilobytes [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Softlife timer started for inbound SRX-11 with 983 seconds/0 kilobytes [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] kmd_update_sa_in_kernel [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] In iked_fill_sa_bundle [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SRX-11 : VPN Monitor Interval=0(0) Optimized=0(0) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_lookup_peer_entry: Peer entry 0x8c94c00 FOUND for local 192.168.13.13:500 and remote 192.168.11.11:500 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_fill_sa_bundle : DPD Interval=0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SA bundle remote gateway: IP 192.168.11.11 chosen [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SA bundle local gateway: IP 192.168.13.13 chosen [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] In iked_fill_ipsec_ipc_sa_pair [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] In iked_fill_ipc_sa_keys [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] In iked_fill_ipc_sa_keys [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] In iked_fill_ipc_sa_keys [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] In iked_fill_ipc_sa_keys [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ----------------Voyager ipsec SA BUNDLE------------------- [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SA pair update request for: Tunnel index: 131073 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Local Gateway address: 192.168.13.13 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Primary remote Gateway address: 192.168.11.11 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Backup remote Gateway State: Active [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Anti replay: counter-based enabled [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Window_size: 64 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Server Time: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Peer : Static [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Mode : Tunnel [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] VPN Type : route-based [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Tunnel mtu: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] DF bit: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] local-if ifl idx: 1124073472 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] tunnel-if ifl idx: 1140850688 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Tunnel mtu: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] DPD interval: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] policy id: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] NATT enabled: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] NATT version: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] NAT position: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SA Idle time: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SA Outbound install delay time: 1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] IKED ID: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] DIST ID: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Keepalive interval: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] VPN monitoring interval: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] VPN monitoring optimized: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Respond-bad-SPI: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] seq_out: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Local port: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Remote port: 500 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SA CFG name: SRX-11 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Dial-up IKE ID: [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] RG ID: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Group template tunnel ID: 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ----------------Incoming SA ------------------- [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SPI: 0x90159539 Protocol: 2 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Algorithm: 129 Auth key. length: 16 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Encr key. length; 16 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ----------------Outgoing SA ------------------- [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] SPI: 0x7ec82ce1 Protocol: 2 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Algorithm: 129 Auth key. length: 16 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Encr key. length; 16 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] In iked_ipsec_sa_pair_add Adding GENCFG msg with key; Tunnel = 131073;SPI-In = 0x90159539 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Added dependency on SA config blob with tunnelid = 131073 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Successfully added ipsec SA PAIR [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_is_anchoring_instance sa_dist_id=0, self_dist_id=255 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] (iked_is_anchoring_instance): This is ANCHORING instance [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_lookup_peer_entry: Peer entry 0x8c94c00 FOUND for local 192.168.13.13:500 and remote 192.168.11.11:500 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] kmd_update_sa_in_kernel [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_ipsec_sa_install_done: IPsec SA install done error 0 (neg 8c7a800) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_st_o_qm_wait_done: Marking for waiting for done [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_free_packet: Start [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_state_step: All done, new state = QM done R (19) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_negotiation_done_qm: Entered IKE error code Connected notification (16384) (neg 8c7a800) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_send_notify: Connected, SA = { 66d3e0d1 4604eb50 - 89829bbf 324bc708}, nego = 0 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ike_process_packet: No output packet, returning [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_packet_destroy: [8c25800/deadbeee] Destructor [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_packet_free: [8c25800/deadbeee] Freeing [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_ipsec_complete: FB; Calling v2 policy function ipsec_sa_done [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Inside iked_pm_ipsec_sa_done [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] IPSec negotiation done successfully for SA-CFG SRX-11 for local:192.168.13.13, remote:192.168.11.11 IKEv1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_unset_sa_cfg_p2_ed unset_sa_cfg_p2_ed, sa_cfg=SRX-11 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_qm_negotiation_destructor: Freeing fallback negotiation context [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fb_phase_qm_clear_pm_data: Clearing FB negotiation 8c7a800 from qm_info 8c50380 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Fallback negotiation 8c7a800 has still 1 references [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_fallback_negotiation_free: Freeing fallback negotiation 8c7a800 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data: Freeing exchange data from SA 8c76400, ED 8c95028 (1) [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data_ipsec: Freeing IPsec exchange data from SA 8c76400 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3e00, ref_cnt 2 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3e20, ref_cnt 2 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3e20, ref_cnt 1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ts_free: ts 0x8bf3e00, ref_cnt 1 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data_ipsec: Successfully freed IPsec exchange data from SA 8c76400 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data: Calling exchange_data_free [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Freeing P2 Ed for sa-cfg N/A [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] iked_pm_ike_exchange_data_free: Successfully removed pm_ed 8c94000 from list for sa_cfg N/A [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ikev2_free_exchange_data: Successfully freed exchange data from SA 8c76400 [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] ssh_ikev2_ike_sa_free: Calling ike_sa_free_ref [Feb 11 20:39:54][192.168.13.13 <-> 192.168.11.11] Freeing reference to P1 SA 4488225 to ref count 1