最新文章专题视频专题问答1问答10问答100问答1000问答2000关键字专题1关键字专题50关键字专题500关键字专题1500TAG最新视频文章推荐1 推荐3 推荐5 推荐7 推荐9 推荐11 推荐13 推荐15 推荐17 推荐19 推荐21 推荐23 推荐25 推荐27 推荐29 推荐31 推荐33 推荐35 推荐37视频文章20视频文章30视频文章40视频文章50视频文章60 视频文章70视频文章80视频文章90视频文章100视频文章120视频文章140 视频2关键字专题关键字专题tag2tag3文章专题文章专题2文章索引1文章索引2文章索引3文章索引4文章索引5123456789101112131415文章专题3
综合
当前位置: 首页 - 正文

IPSEC VPN成功建立的debug信息

来源:动视网 责编:小OO 时间:2025-09-25 13:52:36
文档

IPSEC VPN成功建立的debug信息

*Mar104:05:04.103:ISAKMP:receivedkemessage(1/1)*Mar104:05:04.103:ISAKMP(0:0):SArequestprofileis(NULL)*Mar104:05:04.103:ISAKMP:localport500,remoteport500*Mar104:05:04.107:ISAKMP:setnewnode0toQM_IDLE*Mar104:05:04.107:ISAKMP:insertsasuccessfullysa=82D8
推荐度:
点击下载本文 文档为doc格式
导读*Mar104:05:04.103:ISAKMP:receivedkemessage(1/1)*Mar104:05:04.103:ISAKMP(0:0):SArequestprofileis(NULL)*Mar104:05:04.103:ISAKMP:localport500,remoteport500*Mar104:05:04.107:ISAKMP:setnewnode0toQM_IDLE*Mar104:05:04.107:ISAKMP:insertsasuccessfullysa=82D8
*Mar 1 04:05:04.103: ISAKMP: received ke message (1/1)

*Mar 1 04:05:04.103: ISAKMP (0:0): SA request profile is (NULL)

*Mar 1 04:05:04.103: ISAKMP: local port 500, remote port 500

*Mar 1 04:05:04.107: ISAKMP: set new node 0 to QM_IDLE

*Mar 1 04:05:04.107: ISAKMP: insert sa successfully sa = 82D88E8C

*Mar 1 04:05:04.107: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode.

*Mar 1 04:05:04.107: ISAKMP: Looking for a matching key for 202.100.2.1 in default : success

*Mar 1 04:05:04.107: ISAKMP (0:1): found peer pre-shared key matching 202.100.2.1

*Mar 1 04:05:04.111: ISAKMP (0:1): constructed NAT-T vendor-07 ID

*Mar 1 04:05:04.111: ISAKMP (0:1): constructed NAT-T vendor-03 ID

*Mar 1 04:05:04.111: ISAKMP (0:1): constructed NAT-T vendor-02 ID

*Mar 1 04:05:04.111: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

*Mar 1 04:05:04.111: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1

*Mar 1 04:05:04.111: ISAKMP (0:1): beginning Main Mode exchange

*Mar 1 04:05:04.115: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) MM_NO_STATE

*Mar 1 04:05:04.***: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_NO_STATE*Mar 1 04:05:04.428: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Mar 1 04:05:04.428: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2

*Mar 1 04:05:04.428: ISAKMP (0:1): processing SA payload. message ID = 0

*Mar 1 04:05:04..!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 8/9/12 ms

r1#428: ISAKMP (0:1): processing vendor id payload

*Mar 1 04:05:04.432: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch

*Mar 1 04:05:04.432: ISAKMP (0:1): vendor ID is NAT-T v7

*Mar 1 04:05:04.432: ISAKMP: Looking for a matching key for 202.100.2.1 in default : success

*Mar 1 04:05:04.432: ISAKMP (0:1): found peer pre-shared key matching 202.100.2.1

*Mar 1 04:05:04.432: ISAKMP (0:1) local preshared key found

*Mar 1 04:05:04.432: ISAKMP : Scanning profiles for xauth ...

*Mar 1 04:05:04.432: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 10 policy

*Mar 1 04:05:04.436: ISAKMP: encryption 3DES-CBC

*Mar 1 04:05:04.436: ISAKMP: hash MD5

*Mar 1 04:05:04.436: ISAKMP: default group 2

*Mar 1 04:05:04.436: ISAKMP: auth pre-share

*Mar 1 04:05:04.436: ISAKMP: life type in seconds

*Mar 1 04:05:04.436: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80

*Mar 1 04:05:04.436: ISAKMP (0:1): atts are acceptable. Next payload is 0

*Mar 1 04:05:04.712: ISAKMP (0:1): processing vendor id payload

*Mar 1 04:05:04.712: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch

*Mar 1 04:05:04.712: ISAKMP (0:1): vendor ID is NAT-T v7

*Mar 1 04:05:04.712: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Mar 1 04:05:04.716: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2

*Mar 1 04:05:04.732: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) MM_SA_SETUP

*Mar 1 04:

05:04.732: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Mar 1 04:05:04.732: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3

*Mar 1 04:05:05.113: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_SA_SETUP*Mar 1 04:05:05.117: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Mar 1 04:05:05.117: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4

*Mar 1 04:05:05.121: ISAKMP (0:1): processing KE payload. message ID = 0

*Mar 1 04:05:05.458: ISAKMP (0:1): processing NONCE payload. message ID = 0*Mar 1 04:05:05.462: ISAKMP: Looking for a matching key for 202.100.2.1 in default : success

*Mar 1 04:05:05.462: ISAKMP (0:1): found peer pre-shared key matching 202.100.2.1

*Mar 1 04:05:05.466: ISAKMP (0:1): SKEYID state generated

*Mar 1 04:05:05.466: ISAKMP (0:1): processing vendor id payload

*Mar 1 04:05:05.466: ISAKMP (0:1): vendor ID is Unity

*Mar 1 04:05:05.466: ISAKMP (0:1): processing vendor id payload

*Mar 1 04:05:05.466: ISAKMP (0:1): vendor ID is DPD

*Mar 1 04:05:05.470: ISAKMP (0:1): processing vendor id payload

*Mar 1 04:05:05.470: ISAKMP (0:1): speaking to another IOS box!

*Mar 1 04:05:05.470: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Mar 1 04:05:05.470: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM4

*Mar 1 04:05:05.474: ISAKMP (0:1): Send initial contact

*Mar 1 04:05:05.474: ISAKMP (0:1): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR

*Mar 1 04:05:05.474: ISAKMP (0:1): ID payload

next-payload : 8

type : 1

address : 202.100.1.1

protocol : 17

port : 500

length : 12

*Mar 1 04:05:05.478: ISAKMP (1): Total payload length: 12

*Mar 1 04:05:05.478: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH

*Mar 1 04:05:05.482: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE

*Mar 1 04:05:05.482: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5

*Mar 1 04:05:05.522: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_KEY_EXCH*Mar 1 04:05:05.526: ISAKMP (0:1): processing ID payload. message ID = 0

*Mar 1 04:05:05.526: ISAKMP (0:1): ID payload

next-payload : 8

type : 1

address : 202.100.2.1

protocol : 17

port : 500

length : 12

*Mar 1 04:05:05.530: ISAKMP (0:1): processing HASH payload. message ID = 0

*Mar 1 04:05:05.530: ISAKMP (0:1): SA authentication status:

authenticated

*Mar 1 04:05:05.530: ISAKMP (0:1): SA has been authenticated with 202.100.2.1

*Mar 1 04:05:05.530: ISAKMP (0:1): peer matches *none* of the profiles

*Mar 1 04:05:05.530: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Mar 1 04:05:05.534: ISAKMP (0:1): Old State = IKE_I_MM5 New State = IKE_I_MM6

*Mar 1 04:05:05.534: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE

*Mar 1 04:05:05.534: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_I_MM6

*Mar 1 04:05:05.538: ISAKMP (0:1): Input = IKE_MESG_INT

ERNAL, IKE_PROCESS_COMPLETE

*Mar 1 04:05:05.538: ISAKMP (0:1): Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE

*Mar 1 04:05:05.542: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) MM_KEY_EXCH

*Mar 1 04:05:05.542: ISAKMP: set new node 2146831297 to QM_IDLE

*Mar 1 04:05:05.546: ISAKMP (0:1): processing HASH payload. message ID = 2146831297

*Mar 1 04:05:05.546: ISAKMP (0:1): processing DELETE payload. message ID = 2146831297

*Mar 1 04:05:05.546: ISAKMP (0:1): peer does not do paranoid keepalives.

*Mar 1 04:05:05.546: ISAKMP (0:1): deleting node 2146831297 error FALSE reason "informational (in) state 1"

*Mar 1 04:05:05.550: ISAKMP (0:1): beginning Quick Mode exchange, M-ID of 1272987518

*Mar 1 04:05:05.550: IPSEC(key_engine): got a queue event...

*Mar 1 04:05:05.550: IPSEC(key_engine_delete_sas): rec'd delete notify from ISAKMP

*Mar 1 04:05:05.554: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) QM_IDLE

*Mar 1 04:05:05.558: ISAKMP (0:1): Node 1272987518, Input = IKE_MESG_INTERNAL, IKE_INIT_QM

*Mar 1 04:05:05.558: ISAKMP (0:1): Old State = IKE_QM_READY New State = IKE_QM_I_QM1

*Mar 1 04:05:05.558: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE

*Mar 1 04:05:05.558: ISAKMP (0:1): Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE

*Mar 1 04:05:05.846: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE

*Mar 1 04:05:05.850: ISAKMP (0:1): processing HASH payload. message ID = 1272987518

*Mar 1 04:05:05.854: ISAKMP (0:1): processing SA payload. message ID = 1272987518

*Mar 1 04:05:05.854: ISAKMP (0:1): Checking IPSec proposal 1

*Mar 1 04:05:05.854: ISAKMP: transform 1, ESP_DES

*Mar 1 04:05:05.854: ISAKMP: attributes in transform:

*Mar 1 04:05:05.854: ISAKMP: encaps is 1 (Tunnel)

*Mar 1 04:05:05.854: ISAKMP: SA life type in seconds

*Mar 1 04:05:05.854: ISAKMP: SA life duration (basic) of 3600

*Mar 1 04:05:05.854: ISAKMP: SA life type in kilobytes

*Mar 1 04:05:05.854: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0

*Mar 1 04:05:05.858: ISAKMP: authenticator is HMAC-MD5

*Mar 1 04:05:05.858: ISAKMP (0:1): atts are acceptable.

*Mar 1 04:05:05.858: IPSEC(validate_proposal_request): proposal part #1,

(key eng. msg.) INBOUND local= 202.100.1.1, remote= 202.100.2.1,

local_proxy= 1.1.1.1/255.255.255.255/0/0 (type=1),

remote_proxy= 2.2.2.2/255.255.255.255/0/0 (type=1),

protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),

lifedur= 0s and 0kb,

spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x2

*Mar 1 04:05:05.862: IPSEC(kei_proxy): head = wolf, map->ivrf = , kei->ivrf =

*Mar 1 04:05:05.862: ISAKMP (0:1): processing NONCE payload. message ID = 1272987518

*Mar 1 04:05:05.862: ISAKMP (0:1): processing ID payload. message ID = 1272987518

*Mar 1 04:05:05.866: ISAKMP (0:1): processing ID payload. message ID = 1272987518

*Mar 1 04:05:05.870: ISAKMP (0:1): Creating IPSec SAs

*Mar 1 04:05:05.870: inbound SA

from 202.100.2.1 to 202.100.1.1 (f/i) 0/ 0

(proxy 2.2.2.2 to 1.1.1.1)

*Mar 1 04:05:05.874: has spi 0x8DFEAD8F and conn_id 2000 and flags 2

*Mar 1 04:05:05.874: lifetime of 3600 seconds

*Mar 1 04:05:05.874: lifetime of 4608000 kilobytes

*Mar 1 04:05:05.874: has client flags 0x0

*Mar 1 04:05:05.874: outbound SA from 202.100.1.1 to 202.100.2.1 (f/i) 0/ 0 (proxy 1.1.1.1 to 2.2.2.2 )

*Mar 1 04:05:05.874: has spi 722357331 and conn_id 2001 and flags A

*Mar 1 04:05:05.874: lifetime of 3600 seconds

*Mar 1 04:05:05.874: lifetime of 4608000 kilobytes

*Mar 1 04:05:05.878: has client flags 0x0

*Mar 1 04:05:05.878: ISAKMP (0:1): sending packet to 202.100.2.1 my_port 500 peer_port 500 (I) QM_IDLE

*Mar 1 04:05:05.878: ISAKMP (0:1): deleting node 1272987518 error FALSE reason ""

*Mar 1 04:05:05.878: ISAKMP (0:1): Node 1272987518, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH

*Mar 1 04:05:05.878: ISAKMP (0:1): Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE

*Mar 1 04:05:05.882: IPSEC(key_engine): got a queue event...

*Mar 1 04:05:05.882: IPSEC(initialize_sas): ,

(key eng. msg.) INBOUND local= 202.100.1.1, remote= 202.100.2.1,

local_proxy= 1.1.1.1/0.0.0.0/0/0 (type=1),

remote_proxy= 2.2.2.2/0.0.0.0/0/0 (type=1),

protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),

lifedur= 3600s and 4608000kb,

spi= 0x8DFEAD8F(2382278031), conn_id= 2000, keysize= 0, flags= 0x2

*Mar 1 04:05:05.886: IPSEC(initialize_sas): ,

(key eng. msg.) OUTBOUND local= 202.100.1.1, remote= 202.100.2.1,

local_proxy= 1.1.1.1/0.0.0.0/0/0 (type=1),

remote_proxy= 2.2.2.2/0.0.0.0/0/0 (type=1),

protocol= ESP, transform= esp-des esp-md5-hmac (Tunnel),

lifedur= 3600s and 4608000kb,

spi= 0x2B0E4C53(722357331), conn_id= 2001, keysize= 0, flags= 0xA

*Mar 1 04:05:05.886: IPSEC(kei_proxy): head = wolf, map->ivrf = , kei->ivrf =

*Mar 1 04:05:05.0: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and 202.100.2.1

*Mar 1 04:05:05.0: IPSEC(add mtree): src 1.1.1.1, dest 2.2.2.2, dest_port 0

*Mar 1 04:05:05.0: IPSEC(create_sa): sa created,

(sa) sa_dest= 202.100.1.1, sa_prot= 50,

sa_spi= 0x8DFEAD8F(2382278031),

sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2000

*Mar 1 04:05:05.0: IPSEC(create_sa): sa created,

(sa) sa_dest= 202.100.2.1, sa_prot= 50,

sa_spi= 0x2B0E4C53(722357331),

sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2001

*Mar 1 04:05:15.530: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE

*Mar 1 04:05:15.530: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.

*Mar 1 04:05:15.534: ISAKMP (0:1): retransmitting due to retransmit phase 2

*Mar 1 04:05:15.534: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297

*Mar 1 04:05:25.530: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE

*Mar 1 04:05:25.530: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.

*Mar 1 04:05:25.530: ISAKMP (0

:1): retransmitting due to retransmit phase 2

*Mar 1 04:05:25.534: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297

*Mar 1 04:05:35.531: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE

*Mar 1 04:05:35.535: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.

*Mar 1 04:05:35.535: ISAKMP (0:1): retransmitting due to retransmit phase 2

*Mar 1 04:05:35.535: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297

*Mar 1 04:05:45.531: ISAKMP (0:1): received packet from 202.100.2.1 dport 500 sport 500 Global (I) QM_IDLE

*Mar 1 04:05:45.531: ISAKMP (0:1): phase 2 packet is a duplicate of a previous packet.

*Mar 1 04:05:45.535: ISAKMP (0:1): retransmitting due to retransmit phase 2

*Mar 1 04:05:45.535: ISAKMP (0:1): ignoring retransmission,because phase2 node marked dead 2146831297

r1#

文档

IPSEC VPN成功建立的debug信息

*Mar104:05:04.103:ISAKMP:receivedkemessage(1/1)*Mar104:05:04.103:ISAKMP(0:0):SArequestprofileis(NULL)*Mar104:05:04.103:ISAKMP:localport500,remoteport500*Mar104:05:04.107:ISAKMP:setnewnode0toQM_IDLE*Mar104:05:04.107:ISAKMP:insertsasuccessfullysa=82D8
推荐度:
点击下载本文 文档为doc格式
  • 热门焦点

最新推荐

猜你喜欢

热门推荐

专题
产品服务 发展历程 企业资讯 企业文化 关于我们 加入我们 联系我们 网站导航 网站律师

Copyright © 2019-2025 51dongshi.net 版权所有

赣ICP备2023002352号-34

违法及侵权请联系:TEL:177 7030 7066 E-MAIL:11247931@qq.com 本站由北京市万商天勤律师事务所王兴未律师提供法律服务

Top