isakmpd problems
- To: <misc@openbsd.org>
- Subject: isakmpd problems
- From: "Colin Harford" <colin.harford@exr.ualberta.ca>
- Date: Fri, 24 Sep 2004 16:12:28 -0600
Did a few tests, upgraded one machine from 3.5 to 3.6, and found that my
isakmpd users can no longer get in. (Clients Netscreen Remote 8 aka
Safenet 8).
Clients are told that there is an UNEQUAL PAYLOAD LENGTH.
isakmpd.conf:
[Phase 1]
Default= ISAKMP-clients
[Phase 2]
Passive-Connections= IPsec-clients
# Phase 1 peer sections
#######################
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= SoftPK-main-mode
Authentication= password
# Phase 2 sections
##################
[IPsec-clients]
Phase= 2
Configuration= SoftPK-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote
# Client ID sections
####################
[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0
[dummy-remote]
ID-type= IPV4_ADDR
Address= 0.0.0.0
# Transform descriptions
########################
# Some predefined section names are recognized by the daemon, voiding the
# need to fully specify the Main Mode transforms and Quick Mode suites,
# protocols and transforms.
#
# For Main Mode:
# {DES,BLF,3DES,CAST}-{MD5,SHA}[-{DSS,RSA_SIG}]
#
# For Quick Mode:
# QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS]-SUITE
[SoftPK-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-MD5
[SoftPK-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-MD5-SUITE
# Main mode transforms
######################
[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_1_DAY
# Lifetimes
###########
[LIFE_1_DAY]
LIFE_TYPE= SECONDS
LIFE_DURATION= 86400,79200:93600
isakmpd.policy
Comment: This policy accepts ESP SAs from a remote that uses the right
    password.
Authorizer: "POLICY"
Conditions: app_domain == "IPsec policy" &&
    esp_present == "yes" &&
    esp_enc_alg != "null" -> "true";
isakmpd -d -DA=75
105102.096941 Default log_debug_cmd: log level changed from 0 to 75 for
class 0 [priv]
105102.244888 Default log_debug_cmd: log level changed from 0 to 75 for
class 1 [priv]
105102.244964 Default log_debug_cmd: log level changed from 0 to 75 for
class 2 [priv]
105102.245037 Default log_debug_cmd: log level changed from 0 to 75 for
class 3 [priv]
105102.245153 Default log_debug_cmd: log level changed from 0 to 75 for
class 4 [priv]
105102.245224 Default log_debug_cmd: log level changed from 0 to 75 for
class 5 [priv]
105102.245404 Default log_debug_cmd: log level changed from 0 to 75 for
class 6 [priv]
105102.245479 Default log_debug_cmd: log level changed from 0 to 75 for
class 7 [priv]
105102.245631 Default log_debug_cmd: log level changed from 0 to 75 for
class 8 [priv]
105102.245753 Default log_debug_cmd: log level changed from 0 to 75 for
class 9 [priv]
105102.245859 Default log_debug_cmd: log level changed from 0 to 75 for
class 10 [priv]
105102.333101 Sdep 30 monitor_init: pid 14483 my fd 6 [priv]
105102.333376 Sdep 30 monitor_init: pid 0 my fd 5 [priv]
105102.333687 Misc 10 monitor_init: privileges dropped for child process
105102.541176 Misc 60 connection_record_passive: passive connection
"IPsec-clients" added
105102.541370 Plcy 30 policy_init: initializing
105102.557380 Cryp 40 x509_read_from_dir: reading certs from
/etc/isakmpd/ca/
105102.605174 Cryp 40 x509_read_from_dir: reading certs from
/etc/isakmpd/certs/
105102.630098 Cryp 40 x509_read_crls_from_dir: reading CRLs from
/etc/isakmpd/crls/
105102.666668 Trpt 40 virtual_listen_lookup: no match
105102.667202 Misc 20 udp_make: transport 0x3c1ecc80 socket 8 ip
127.0.0.1 port 500
105102.667289 Trpt 70 transport_setup: added 0x3c1ecc80 to transport
list
105102.667672 Misc 20 udp_encap_make: transport 0x3c1eccc0 socket 9 ip
127.0.0.1 port 4500
105102.667755 Trpt 70 transport_setup: added 0x3c1eccc0 to transport
list
105102.667825 Trpt 70 transport_setup: virtual transport 0x3c1ecc40
105102.667924 Trpt 40 virtual_listen_lookup: no match
105102.668321 Misc 20 udp_make: transport 0x3c1ecd40 socket 10 ip ::1
port 500
105102.668408 Trpt 70 transport_setup: added 0x3c1ecd40 to transport
list
105102.668768 Misc 20 udp_encap_make: transport 0x3c1ecd80 socket 11 ip
::1 port 4500
105102.668849 Trpt 70 transport_setup: added 0x3c1ecd80 to transport
list
105102.668920 Trpt 70 transport_setup: virtual transport 0x3c1ecd00
105102.669018 Trpt 40 virtual_listen_lookup: no match
105102.669395 Misc 20 udp_make: transport 0x3c1ece00 socket 12 ip
fe80:6::1 port 500
105102.669478 Trpt 70 transport_setup: added 0x3c1ece00 to transport
list
105102.669878 Misc 20 udp_encap_make: transport 0x3c1ece40 socket 13 ip
fe80:6::1 port 4500
105102.669960 Trpt 70 transport_setup: added 0x3c1ece40 to transport
list
105102.670032 Trpt 70 transport_setup: virtual transport 0x3c1ecdc0
105102.670107 Trpt 40 virtual_listen_lookup: no match
105102.670511 Misc 20 udp_make: transport 0x3c1ecec0 socket 14 ip
XXX.XXX.XXX.214 port 500
105102.670615 Trpt 70 transport_setup: added 0x3c1ecec0 to transport
list
105102.670952 Misc 20 udp_encap_make: transport 0x3c1ecf00 socket 15 ip
XXX.XXX.XXX.214 port 4500
105102.671030 Trpt 70 transport_setup: added 0x3c1ecf00 to transport
list
105102.671101 Trpt 70 transport_setup: virtual transport 0x3c1ece80
105102.671177 Trpt 40 virtual_listen_lookup: no match
105102.671526 Misc 20 udp_make: transport 0x3c1ecf80 socket 16 ip
fe80:1::202:b3ff:feca:8381 port 500
105102.671608 Trpt 70 transport_setup: added 0x3c1ecf80 to transport
list
105102.671943 Misc 20 udp_encap_make: transport 0x3c1ecfc0 socket 17 ip
fe80:1::202:b3ff:feca:8381 port 4500
105102.672022 Trpt 70 transport_setup: added 0x3c1ecfc0 to transport
list
105102.672094 Trpt 70 transport_setup: virtual transport 0x3c1ecf40
105102.672169 Trpt 40 virtual_listen_lookup: no match
105102.672861 Misc 20 udp_make: transport 0x3c06c100 socket 18 ip
129.128.83.1 port 500
105102.672979 Trpt 70 transport_setup: added 0x3c06c100 to transport
list
105102.674382 Misc 20 udp_encap_make: transport 0x3c06c140 socket 19 ip
129.128.83.1 port 4500
105102.674842 Trpt 70 transport_setup: added 0x3c06c140 to transport
list
105102.674931 Trpt 70 transport_setup: virtual transport 0x3c06c0c0
105102.675011 Trpt 40 virtual_listen_lookup: no match
105102.675381 Misc 20 udp_make: transport 0x3c06c1c0 socket 20 ip
fe80:2::202:b3ff:feb2:a3fc port 500
105102.675464 Trpt 70 transport_setup: added 0x3c06c1c0 to transport
list
105102.675804 Misc 20 udp_encap_make: transport 0x3c06c200 socket 21 ip
fe80:2::202:b3ff:feb2:a3fc port 4500
105102.675883 Trpt 70 transport_setup: added 0x3c06c200 to transport
list
105102.675953 Trpt 70 transport_setup: virtual transport 0x3c06c180
105102.676080 Trpt 40 virtual_listen_lookup: no match
105102.676468 Misc 20 udp_make: transport 0x3c06c280 socket 22 ip
129.128.88.1 port 500
105102.676548 Trpt 70 transport_setup: added 0x3c06c280 to transport
list
105102.676880 Misc 20 udp_encap_make: transport 0x3c06c2c0 socket 23 ip
129.128.88.1 port 4500
105102.676960 Trpt 70 transport_setup: added 0x3c06c2c0 to transport
list
105102.677030 Trpt 70 transport_setup: virtual transport 0x3c06c240
105102.677105 Trpt 40 virtual_listen_lookup: no match
105102.677448 Misc 20 udp_make: transport 0x3c06c340 socket 24 ip
129.128.83.9 port 500
105102.677526 Trpt 70 transport_setup: added 0x3c06c340 to transport
list
105102.677857 Misc 20 udp_encap_make: transport 0x3c06c380 socket 25 ip
129.128.83.9 port 4500
105102.677936 Trpt 70 transport_setup: added 0x3c06c380 to transport
list
105102.678006 Trpt 70 transport_setup: virtual transport 0x3c06c300
105102.678372 Misc 20 udp_make: transport 0x3c06c400 socket 26 ip
0.0.0.0 port 500
105102.678451 Trpt 70 transport_setup: added 0x3c06c400 to transport
list
105102.678786 Misc 20 udp_encap_make: transport 0x3c06c440 socket 27 ip
0.0.0.0 port 4500
105102.678861 Trpt 70 transport_setup: added 0x3c06c440 to transport
list
105102.678931 Trpt 70 transport_setup: virtual transport 0x3c06c3c0
105102.679264 Misc 20 udp_make: transport 0x3c06c4c0 socket 28 ip ::
port 500
105102.679342 Trpt 70 transport_setup: added 0x3c06c4c0 to transport
list
105102.679674 Misc 20 udp_encap_make: transport 0x3c06c500 socket 29 ip
:: port 4500
105102.679767 Trpt 70 transport_setup: added 0x3c06c500 to transport
list
105102.679838 Trpt 70 transport_setup: virtual transport 0x3c06c480
105315.978504 Trpt 70 transport_setup: added 0x3c06c580 to transport
list
105315.978663 Trpt 70 transport_setup: added 0x3c06c5c0 to transport
list
105315.978776 Trpt 50 virtual_clone: old 0x3c1ece80 new 0x3c06c540 (main
is 0x3c06c580)
105315.978848 Trpt 70 transport_setup: virtual transport 0x3c06c540
105315.979065 Mesg 70 message_recv: message 0x3c06b300
105315.979275 Mesg 70 ICOOKIE: 0xb3f68a61d91ff85a
105315.979480 Mesg 70 RCOOKIE: 0x9391d5b367768cee
105315.979555 Mesg 70 NEXT_PAYLOAD: HASH
105315.979668 Mesg 70 VERSION: 16
105315.979742 Mesg 70 EXCH_TYPE: QUICK_MODE
105315.979857 Mesg 70 FLAGS: [ ENC ]
105315.979931 Mesg 70 MESSAGE_ID: 0x408dc54f
105315.980054 Mesg 70 LENGTH: 156
105315.980134 Mesg 70 message_recv: b3f68a61 d91ff85a 9391d5b3 67768cee
08102001 408dc54f 0000009c 355f4e5b
105315.980258 Mesg 70 message_recv: 518cf3c3 b3a7c5ea 4c9360d3 88e6a1f8
0f58a84b f62bb89e cedfb3a1 1631a16f
105315.980343 Mesg 70 message_recv: 5bf26a7f 139e3270 27c63786 5a14da92
7ddf40cb c59b5833 0393f284 687b648e
105315.980447 Mesg 70 message_recv: daaa419e 6962801c b2ce8b3d e9c4e776
a5ab2ff5 90d55c5f f505c54c 293afeef
105315.980561 Mesg 70 message_recv: 5ac29005 faa3402d e6789340 1092f589
8aedc157 094008c7 3df4610c
105315.980638 Default message_recv: invalid cookie(s) b3f68a61d91ff85a
9391d5b367768cee
105315.980772 Default dropped message from ZZZ.ZZZ.108.231 port 500 due
to notification type INVALID_COOKIE
105315.980873 Timr 10 timer_add_event: event
exchange_free_aux(0x3c067a00) added last, expiration in 120s
105315.980976 Cryp 60 hash_get: requested algorithm 1
105315.981177 Exch 10 exchange_establish_p1: 0x3c067a00 <unnamed> <no
policy> policy initiator phase 1 doi 0 exchange 5 step 0
105315.981303 Exch 10 exchange_establish_p1: icookie efd72e1debc6d404
rcookie 0000000000000000
105315.981378 Exch 10 exchange_establish_p1: msgid 00000000
105315.981478 Mesg 70 message_send: message 0x3c06b380
105315.981556 Mesg 70 ICOOKIE: 0xefd72e1debc6d404
105315.981629 Mesg 70 RCOOKIE: 0x0000000000000000
105315.981726 Mesg 70 NEXT_PAYLOAD: NOTIFY
105315.981797 Mesg 70 VERSION: 16
105315.981866 Mesg 70 EXCH_TYPE: INFO
105315.981959 Mesg 70 FLAGS: [ ]
105315.982033 Mesg 70 MESSAGE_ID: 0x00000000
105315.982101 Mesg 70 LENGTH: 56
105315.982277 Mesg 70 message_send: efd72e1d ebc6d404 00000000 00000000
0b100500 00000000 00000038 0000001c
105315.982363 Mesg 70 message_send: 00000000 01100004 b3f68a61 d91ff85a
9391d5b3 67768cee
105315.982483 Exch 40 exchange_run: exchange 0x3c067a00 finished step 0,
advancing...
105315.982555 Mesg 20 message_free: freeing 0x3c06b300
105315.982677 Exch 10 exchange_finalize: 0x3c067a00 <unnamed> <no
policy> policy initiator phase 1 doi 0 exchange 5 step 1
105315.982768 Exch 10 exchange_finalize: icookie efd72e1debc6d404
rcookie 0000000000000000
105315.982839 Exch 10 exchange_finalize: msgid 00000000
105315.982909 Timr 10 timer_remove_event: removing event
exchange_free_aux(0x3c067a00)
105315.982983 Mesg 20 message_free: freeing 0x3c06b380
105315.983055 Trpt 70 transport_release: freeing 0x3c06c540
Pcap capture isakmpd -L
10:50:04.209895 XXX.XXX.XXX.214.500 > YYY.YYY.11.150.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: 77839a133599a477->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:10:25.087280 ZZZ.ZZZ.108.232.500 > XXX.XXX.XXX.214.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: 517dc9855be97914->0000000000000000 msgid: 00000000 len:
92
payload: SA len: 44 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 32 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 24
transform: 1 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute GROUP_DESCRIPTION = MODP_1024
attribute AUTHENTICATION_METHOD = PRE_SHARED
payload: VENDOR len: 20 (supports v1 NAT-T,
draft-ietf-ipsec-nat-t-ike-00) [ttl 0] (id 1)
12:10:25.188234 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.232.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: 517dc9855be97914->3feb12fbb38d9e1f msgid: 00000000 len:
152
payload: SA len: 44 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 32 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 24
transform: 1 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute GROUP_DESCRIPTION = MODP_1024
attribute AUTHENTICATION_METHOD = PRE_SHARED
payload: VENDOR len: 20 (supports v1 NAT-T,
draft-ietf-ipsec-nat-t-ike-00)
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1)
12:10:25.247372 ZZZ.ZZZ.108.232.500 > XXX.XXX.XXX.214.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: 517dc9855be97914->3feb12fbb38d9e1f msgid: 00000000 len:
296
payload: KEY_EXCH len: 132
payload: NONCE len: 24
payload: NAT-D len: 20
payload: NAT-D len: 20
payload: VENDOR len: 48
payload: VENDOR len: 12
payload: VENDOR len: 12 [ttl 0] (id 1)
12:10:25.275562 XXX.XXX.XXX.214.4500 > ZZZ.ZZZ.108.232.4500: [bad udp
cksum 300d!] udpencap: isakmp v1.0 exchange ID_PROT
cookie: 517dc9855be97914->3feb12fbb38d9e1f msgid: 00000000 len:
224
payload: KEY_EXCH len: 132
payload: NONCE len: 24
payload: NAT-D len: 20
payload: NAT-D len: 20 [ttl 0] (id 1)
12:10:25.350763 ZZZ.ZZZ.108.232.4500 > XXX.XXX.XXX.214.4500: [bad udp
cksum 4117!] udpencap: isakmp v1.0 exchange ID_PROT
cookie: 517dc9855be97914->3feb12fbb38d9e1f msgid: 00000000 len:
92
payload: ID len: 12 proto: 17 port: 500 type: IPV4_ADDR =
ZZZ.ZZZ.108.232
payload: HASH len: 20
payload: NOTIFICATION len: 28
notification: INITIAL CONTACT
(517dc9855be97914->3feb12fbb38d9e1f) [ttl 0] (id 1)
12:10:25.354840 XXX.XXX.XXX.214.4500 > ZZZ.ZZZ.108.232.4500: [udp sum
ok] udpencap: isakmp v1.0 exchange ID_PROT
cookie: 517dc9855be97914->3feb12fbb38d9e1f msgid: 00000000 len:
88
payload: ID len: 12 type: IPV4_ADDR = XXX.XXX.XXX.214
payload: HASH len: 20
payload: NOTIFICATION len: 28
notification: INITIAL CONTACT
(517dc9855be97914->3feb12fbb38d9e1f) [ttl 0] (id 1)
12:10:30.126519 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.232.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: 8c2e072f782c3f07->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:10:50.154071 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.232.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: 128e41d1f262fa64->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:11:10.185194 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.232.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: a4ce56af8933d105->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:13:19.944832 ZZZ.ZZZ.108.231.500 > XXX.XXX.XXX.214.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: ed1ec13679495965->0000000000000000 msgid: 00000000 len:
92
payload: SA len: 44 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 32 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 24
transform: 1 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute GROUP_DESCRIPTION = MODP_1024
attribute AUTHENTICATION_METHOD = PRE_SHARED
payload: VENDOR len: 20 (supports v1 NAT-T,
draft-ietf-ipsec-nat-t-ike-00) [ttl 0] (id 1)
12:13:19.951769 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: ed1ec13679495965->19a36cd7fbcf038e msgid: 00000000 len:
152
payload: SA len: 44 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 32 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 24
transform: 1 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute GROUP_DESCRIPTION = MODP_1024
attribute AUTHENTICATION_METHOD = PRE_SHARED
payload: VENDOR len: 20 (supports v1 NAT-T,
draft-ietf-ipsec-nat-t-ike-00)
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1)
12:13:20.004921 ZZZ.ZZZ.108.231.500 > XXX.XXX.XXX.214.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: ed1ec13679495965->19a36cd7fbcf038e msgid: 00000000 len:
296
payload: KEY_EXCH len: 132
payload: NONCE len: 24
payload: NAT-D len: 20
payload: NAT-D len: 20
payload: VENDOR len: 48
payload: VENDOR len: 12
payload: VENDOR len: 12 [ttl 0] (id 1)
12:13:20.020658 XXX.XXX.XXX.214.4500 > ZZZ.ZZZ.108.231.4500: [bad udp
cksum 300d!] udpencap: isakmp v1.0 exchange ID_PROT
cookie: ed1ec13679495965->19a36cd7fbcf038e msgid: 00000000 len:
224
payload: KEY_EXCH len: 132
payload: NONCE len: 24
payload: NAT-D len: 20
payload: NAT-D len: 20 [ttl 0] (id 1)
12:13:20.066314 ZZZ.ZZZ.108.231.4500 > XXX.XXX.XXX.214.4500: [bad udp
cksum 3226!] udpencap: isakmp v1.0 exchange ID_PROT
cookie: ed1ec13679495965->19a36cd7fbcf038e msgid: 00000000 len:
92
payload: ID len: 12 proto: 17 port: 500 type: IPV4_ADDR =
ZZZ.ZZZ.108.231
payload: HASH len: 20
payload: NOTIFICATION len: 28
notification: INITIAL CONTACT
(ed1ec13679495965->19a36cd7fbcf038e) [ttl 0] (id 1)
12:13:20.072390 XXX.XXX.XXX.214.4500 > ZZZ.ZZZ.108.231.4500: [udp sum
ok] udpencap: isakmp v1.0 exchange ID_PROT
cookie: ed1ec13679495965->19a36cd7fbcf038e msgid: 00000000 len:
88
payload: ID len: 12 type: IPV4_ADDR = XXX.XXX.XXX.214
payload: HASH len: 20
payload: NOTIFICATION len: 28
notification: INITIAL CONTACT
(ed1ec13679495965->19a36cd7fbcf038e) [ttl 0] (id 1)
12:13:22.893684 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: b3bdf42ac2a30791->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:13:42.887689 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: 7157d4680911f5e3->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:14:02.888532 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: 81678c5bc8d7f441->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:14:22.068529 ZZZ.ZZZ.108.231.500 > XXX.XXX.XXX.214.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: 94915e637b9c1061->0000000000000000 msgid: 00000000 len:
92
payload: SA len: 44 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 32 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 24
transform: 1 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute GROUP_DESCRIPTION = MODP_1024
attribute AUTHENTICATION_METHOD = PRE_SHARED
payload: VENDOR len: 20 (supports v1 NAT-T,
draft-ietf-ipsec-nat-t-ike-00) [ttl 0] (id 1)
12:14:22.074872 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: 94915e637b9c1061->bbcb1694e367d539 msgid: 00000000 len:
152
payload: SA len: 44 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 32 proposal: 1 proto: ISAKMP spisz: 0
xforms: 1
payload: TRANSFORM len: 24
transform: 1 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute GROUP_DESCRIPTION = MODP_1024
attribute AUTHENTICATION_METHOD = PRE_SHARED
payload: VENDOR len: 20 (supports v1 NAT-T,
draft-ietf-ipsec-nat-t-ike-00)
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1)
12:14:22.125297 ZZZ.ZZZ.108.231.500 > XXX.XXX.XXX.214.500: [udp sum ok]
isakmp v1.0 exchange ID_PROT
cookie: 94915e637b9c1061->bbcb1694e367d539 msgid: 00000000 len:
296
payload: KEY_EXCH len: 132
payload: NONCE len: 24
payload: NAT-D len: 20
payload: NAT-D len: 20
payload: VENDOR len: 48
payload: VENDOR len: 12
payload: VENDOR len: 12 [ttl 0] (id 1)
12:14:22.146876 XXX.XXX.XXX.214.4500 > ZZZ.ZZZ.108.231.4500: [bad udp
cksum 300d!] udpencap: isakmp v1.0 exchange ID_PROT
cookie: 94915e637b9c1061->bbcb1694e367d539 msgid: 00000000 len:
224
payload: KEY_EXCH len: 132
payload: NONCE len: 24
payload: NAT-D len: 20
payload: NAT-D len: 20 [ttl 0] (id 1)
12:14:22.195156 ZZZ.ZZZ.108.231.4500 > XXX.XXX.XXX.214.4500: [bad udp
cksum ee39!] udpencap: isakmp v1.0 exchange ID_PROT
cookie: 94915e637b9c1061->bbcb1694e367d539 msgid: 00000000 len:
92
payload: ID len: 12 proto: 17 port: 500 type: IPV4_ADDR =
ZZZ.ZZZ.108.231
payload: HASH len: 20
payload: NOTIFICATION len: 28
notification: INITIAL CONTACT
(94915e637b9c1061->bbcb1694e367d539) [ttl 0] (id 1)
12:14:22.200329 XXX.XXX.XXX.214.4500 > ZZZ.ZZZ.108.231.4500: [bad udp
cksum 1c00!] udpencap: isakmp v1.0 exchange ID_PROT
cookie: 94915e637b9c1061->bbcb1694e367d539 msgid: 00000000 len:
60
payload: ID len: 12 type: IPV4_ADDR = XXX.XXX.XXX.214
payload: HASH len: 20 [ttl 0] (id 1)
12:14:23.887914 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: 0808f493dbaec951->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:14:43.891625 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: 14c24e8bd0f40314->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
12:15:03.887383 XXX.XXX.XXX.214.500 > ZZZ.ZZZ.108.231.500: [udp sum ok]
isakmp v1.0 exchange INFO
cookie: c6db916e25ba46a8->0000000000000000 msgid: 00000000 len:
40
payload: NOTIFICATION len: 12
notification: UNEQUAL PAYLOAD LENGTHS [ttl 0] (id 1)
Colin Harford
Network Administrator
Office of External Relations
6-61 General Services Building
University of Alberta
Edmonton, Alberta
Canada, T6G 2H1
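
Added example (not part of the original post and not isakmpd code): a Python decoder for the two hex dumps in the debug log above, using the ISAKMP header and Notification payload layouts from RFC 2408. It shows that the logged reply is an INVALID_COOKIE notification whose SPI field carries the cookie pair of the Quick Mode message that was dropped; the function and constant names are this example's own.

```python
import struct

# Field values from RFC 2408/2409; only those that occur in this post are listed.
PAYLOADS = {0: "NONE", 8: "HASH", 11: "NOTIFY"}
EXCHANGES = {2: "ID_PROT", 5: "INFO", 32: "QUICK_MODE"}
NOTIFY_TYPES = {4: "INVALID_COOKIE", 30: "UNEQUAL_PAYLOAD_LENGTHS"}
FLAG_ENC = 0x01
HDR = struct.Struct(">8s8sBBBBII")        # fixed 28-byte ISAKMP header
NOTIFY_FIXED = struct.Struct(">BBHIBBH")  # generic header, DOI, proto, SPI size, type

# Hex words copied from the message_recv / message_send lines of the log above.
RECV_DUMP = """
b3f68a61 d91ff85a 9391d5b3 67768cee 08102001 408dc54f 0000009c 355f4e5b
518cf3c3 b3a7c5ea 4c9360d3 88e6a1f8 0f58a84b f62bb89e cedfb3a1 1631a16f
5bf26a7f 139e3270 27c63786 5a14da92 7ddf40cb c59b5833 0393f284 687b648e
daaa419e 6962801c b2ce8b3d e9c4e776 a5ab2ff5 90d55c5f f505c54c 293afeef
5ac29005 faa3402d e6789340 1092f589 8aedc157 094008c7 3df4610c
"""
SEND_DUMP = """
efd72e1d ebc6d404 00000000 00000000 0b100500 00000000 00000038 0000001c
00000000 01100004 b3f68a61 d91ff85a 9391d5b3 67768cee
"""

def from_log_words(dump):
    """Join the 32-bit hex words of a log dump into raw bytes."""
    return bytes.fromhex("".join(dump.split()))

def parse_header(buf):
    """Decode the ISAKMP header and compare its length field to the datagram."""
    if len(buf) < HDR.size:
        raise ValueError("datagram shorter than the ISAKMP header")
    icookie, rcookie, nxt, ver, exch, flags, msgid, length = HDR.unpack_from(buf)
    return {
        "icookie": icookie.hex(),
        "rcookie": rcookie.hex(),
        "next_payload": PAYLOADS.get(nxt, nxt),
        "version": f"{ver >> 4}.{ver & 0x0F}",
        "exchange": EXCHANGES.get(exch, exch),
        "encrypted": bool(flags & FLAG_ENC),
        "msgid": f"{msgid:08x}",
        "length": length,
        "length_matches": length == len(buf),
    }

def parse_notify(buf, offset=HDR.size):
    """Decode one Notification payload, rejecting inconsistent length fields."""
    if offset + NOTIFY_FIXED.size > len(buf):
        raise ValueError("truncated NOTIFY payload")
    nxt, _rsvd, plen, doi, proto, spi_size, ntype = NOTIFY_FIXED.unpack_from(buf, offset)
    if plen < NOTIFY_FIXED.size + spi_size or offset + plen > len(buf):
        raise ValueError("NOTIFY length fields do not fit the datagram")
    spi_at = offset + NOTIFY_FIXED.size
    return {
        "next_payload": PAYLOADS.get(nxt, nxt),
        "length": plen,
        "doi": doi,
        "protocol_id": proto,
        "type": NOTIFY_TYPES.get(ntype, ntype),
        "spi": buf[spi_at:spi_at + spi_size].hex(),
    }

if __name__ == "__main__":
    recv = parse_header(from_log_words(RECV_DUMP))
    sent = from_log_words(SEND_DUMP)
    note = parse_notify(sent)
    print(recv)
    print(parse_header(sent))
    print(note)
    # The notification's SPI is the cookie pair of the dropped message.
    print(note["spi"] == recv["icookie"] + recv["rcookie"])
```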