=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2023.05.06 13:34:57 =~=~=~=~=~=~=~=~=~=~=~= ike shrank heap by 159744 bytes ike 0: comes 192.168.150.10:4500->192.168.150.1:4500,ifindex=4,vrf=0.... ike 0: IKEv2 exchange=INFORMATIONAL id=8554128eb7f2347c/61b8ebedddd9b2dd:00000022 len=60 ike 0: in 8554128EB7F2347C61B8EBEDDDD9B2DD2E202508000000220000003C000000202C8918854A2DA21773E29A87BECCFC6AA15C7CD07A62F959311DD7C2 ike 0:To-ASA:23: dec 8554128EB7F2347C61B8EBEDDDD9B2DD2E202508000000220000002000000004 ike 0:To-ASA:23: received informational request ike 0:To-ASA:23: enc 0706050403020107 ike 0:To-ASA:23: out 8554128EB7F2347C61B8EBEDDDD9B2DD2E202520000000220000003C0000002044282DD488A4AB1091B58A6387443D3AE9FE75E8782D255745CAA485 ike 0:To-ASA:23: sent IKE msg (INFORMATIONAL_RESPONSE): 192.168.150.1:4500->192.168.150.10:4500, len=60, vrf=0, id=8554128eb7f2347c/61b8ebedddd9b2dd:00000022 ike 0: comes 192.168.150.10:4500->192.168.150.1:4500,ifindex=4,vrf=0.... ike 0: IKEv2 exchange=CREATE_CHILD id=8554128eb7f2347c/61b8ebedddd9b2dd:00000023 len=244 ike 0: in 8554128EB7F2347C61B8EBEDDDD9B2DD2E20240800000023000000F4210000D873E29A87BECCFC6A99EAF6C784665A7B2819EFA0B1ED2AB1DE11DFC392EFDA40E9CA84CA581410D9D1A58F95E234CD82A3590220BAF7EBD8E133357D3F1587B4D81572109DBC828C599712454A6B7B2E345B29F5CBF67EC7E772B72464551CFD80A819E14F3E80D948217665DD14F8F3F43F6A019F43D320D95B13792CCE9E173D3F7C037AC7069405FE66B770AF719AFD129C7BBA373098ECEDDFCF5CBE744E60598B3D84F76FCCCE3FB61D9EF32602C2FC6A4B9DB53B0B1687859D29E46D5A53C914AC075B75063CB5DF3BEADF59D8A1E5CDEB ike 0:To-ASA:23: dec 8554128EB7F2347C61B8EBEDDDD9B2DD2E20240800000023000000DC21000004280000280000002401030403D4F930B40300000801000002030000080300000100000008050000002C0000448692BAEF45118AAA876BCFE3462D978099008A5024D3593EB634396830F3189B99C1722729C14E94324AD326E821D58CCD010E71E884614D846EEBC32869BFDD2D00002802000000070000100000FFFFAC10110AAC10110A070000100000FFFFAC101100AC1011FF0000002802000000070000100000FFFF1414140114141401070000100000FFFF14141400141414FF ike 0:To-ASA:23: received create-child request ike 0:To-ASA:23: responder received CREATE_CHILD exchange ike 0:To-ASA:23: responder creating new child ike 0:To-ASA:23:27: peer proposal: ike 0:To-ASA:23:27: TSi_0 0:172.16.17.10-172.16.17.10:0 ike 0:To-ASA:23:27: TSi_1 0:172.16.17.0-172.16.17.255:0 ike 0:To-ASA:23:27: TSr_0 0:20.20.20.1-20.20.20.1:0 ike 0:To-ASA:23:27: TSr_1 0:20.20.20.0-20.20.20.255:0 ike 0:To-ASA:23:sub1:27: comparing selectors ike 0:To-ASA:23:sub2:27: comparing selectors ike 0:To-ASA:23:sub3:27: comparing selectors ike 0:To-ASA:23:sub4:27: comparing selectors ike 0:To-ASA:23:sub4:27: matched by rfc-rule-2 ike 0:To-ASA:23:sub4:27: phase2 matched by subset ike 0:To-ASA:23:27: local narrowing exactly matches static selector ike 0:To-ASA:23:sub4:27: accepted proposal: ike 0:To-ASA:23:sub4:27: TSi_0 0:172.16.17.0-172.16.17.255:0 ike 0:To-ASA:23:sub4:27: TSr_0 0:20.20.20.0-20.20.20.255:0 ike 0:To-ASA:23:sub4:27: autokey ike 0:To-ASA:23:sub4:27: incoming child SA proposal: ike 0:To-ASA:23:sub4:27: proposal id = 1: ike 0:To-ASA:23:sub4:27: protocol = ESP: ike 0:To-ASA:23:sub4:27: encapsulation = TUNNEL ike 0:To-ASA:23:sub4:27: type=ENCR, val=DES_CBC ike 0:To-ASA:23:sub4:27: type=INTEGR, val=MD5 ike 0:To-ASA:23:sub4:27: type=ESN, val=NO ike 0:To-ASA:23:sub4:27: PFS is disabled ike 0:To-ASA:23:sub4:27: my proposal: ike 0:To-ASA:23:sub4:27: proposal id = 1: ike 0:To-ASA:23:sub4:27: protocol = ESP: ike 0:To-ASA:23:sub4:27: encapsulation = TUNNEL ike 0:To-ASA:23:sub4:27: type=ENCR, val=DES_CBC ike 0:To-ASA:23:sub4:27: type=INTEGR, val=MD5 ike 0:To-ASA:23:sub4:27: type=DH_GROUP, val=MODP1536 ike 0:To-ASA:23:sub4:27: type=DH_GROUP, val=MODP2048 ike 0:To-ASA:23:sub4:27: type=ESN, val=NO ike 0:To-ASA:23:sub4:27: lifetime=43200 ike 0:To-ASA:23:sub4:27: proposal id = 2: ike 0:To-ASA:23:sub4:27: protocol = ESP: ike 0:To-ASA:23:sub4:27: encapsulation = TUNNEL ike 0:To-ASA:23:sub4:27: type=ENCR, val=DES_CBC ike 0:To-ASA:23:sub4:27: type=INTEGR, val=SHA ike 0:To-ASA:23:sub4:27: type=DH_GROUP, val=MODP1536 ike 0:To-ASA:23:sub4:27: type=DH_GROUP, val=MODP2048 ike 0:To-ASA:23:sub4:27: type=ESN, val=NO ike 0:To-ASA:23:sub4:27: lifetime=43200 ike 0:To-ASA:23:sub4:27: no proposal chosen ike Negotiate SA Error: ike ike [1481] ike 0:To-ASA:23:sub4:27: responder preparing CREATE_CHILD message ike 0:To-ASA:23: enc 000000080000000E0706050403020107 ike 0:To-ASA:23: out 8554128EB7F2347C61B8EBEDDDD9B2DD2E2024200000002300000044290000286DC41665549D93EE6AC5D1332A2DAEFD9A6DA0503447E78BFDA37B41F338CCA965CDCEC2 ike 0:To-ASA:23: sent IKE msg (CREATE_CHILD_RESPONSE): 192.168.150.1:4500->192.168.150.10:4500, len=68, vrf=0, id=8554128eb7f2347c/61b8ebedddd9b2dd:00000023 ike 0:To-ASA:23:27: no proposal chosen ike 0: comes 192.168.150.10:4500->192.168.150.1:4500,ifindex=4,vrf=0.... ike 0: IKEv2 exchange=INFORMATIONAL id=8554128eb7f2347c/61b8ebedddd9b2dd:00000024 len=60 ike 0: in 8554128EB7F2347C61B8EBEDDDD9B2DD2E202508000000240000003C0000002053C914AC075B7506556A9B87FC3A2EE0FFB9D37AF0970B9C5F98261E ike 0:To-ASA:23: dec 8554128EB7F2347C61B8EBEDDDD9B2DD2E202508000000240000002000000004 ike 0:To-ASA:23: received informational request ike 0:To-ASA:23: enc 0706050403020107 ike 0:To-ASA:23: out 8554128EB7F2347C61B8EBEDDDD9B2DD2E202520000000240000003C000000205084624996164184E976FB23A929D3092863A2F636E98D2822CEE33D ike 0:To-ASA:23: sent IKE msg (INFORMATIONAL_RESPONSE): 192.168.150.1:4500->192.168.150.10:4500, len=60, vrf=0, id=8554128eb7f2347c/61b8ebedddd9b2dd:00000024 ike 0: comes 192.168.150.10:4500->192.168.150.1:4500,ifindex=4,vrf=0.... ike 0: IKEv2 exchange=CREATE_CHILD id=8554128eb7f2347c/61b8ebedddd9b2dd:00000025 len=244 ike 0: in 8554128EB7F2347C61B8EBEDDDD9B2DD2E20240800000025000000F4210000D8556A9B87FC3A2EE0FB2822528025E9A470EACDC79EAEE07A92305CD46CBA5C2A1881FE15E14A1E94597121A267ED5075598EF6F808E21B0A7E3E40C02E14389857DAF97648E84EDA91CF748BAA11CBEAEAFB4954E132F4ACDC28E54031AC9B49E61BF2E2E327B02754DF8FBF437677CB7E44EF641B04FCE310A636A2A7231DE4E61207D4CCE373AEB4CF062882378F2EC60D9080B15A9D7263BEA1B68080BDA79B581E1DDBD21B80F5235AB19512FD4FDD79D40EBC59023A2262C08D537AB464A3E3E51F5E8072B3EE9669F2A7BE58D992157F99 ike 0:To-ASA:23: dec 8554128EB7F2347C61B8EBEDDDD9B2DD2E20240800000025000000DC210000042800002800000024010304031C70B6BD0300000801000002030000080300000100000008050000002C000044906DA5336A6DFD7BB06F058D74E30F63E6B3F14B8A9CC3BE764BF8094E25F956881324AAECB0657D35920A49B3047EAAE3F1C92CA16C30466B83ADFFC62B8FCB2D00002802000000070000100000FFFFAC10110AAC10110A070000100000FFFFAC101100AC1011FF0000002802000000070000100000FFFF1414140114141401070000100000FFFF14141400141414FF ike 0:To-ASA:23: received create-child request ike 0:To-ASA:23: responder received CREATE_CHILD exchange ike 0:To-ASA:23: responder creating new child ike 0:To-ASA:23:28: peer proposal: ike 0:To-ASA:23:28: TSi_0 0:172.16.17.10-172.16.17.10:0 ike 0:To-ASA:23:28: TSi_1 0:172.16.17.0-172.16.17.255:0 ike 0:To-ASA:23:28: TSr_0 0:20.20.20.1-20.20.20.1:0 ike 0:To-ASA:23:28: TSr_1 0:20.20.20.0-20.20.20.255:0 ike 0:To-ASA:23:sub1:28: comparing selectors ike 0:To-ASA:23:sub2:28: comparing selectors ike 0:To-ASA:23:sub3:28: comparing selectors ike 0:To-ASA:23:sub4:28: comparing selectors ike 0:To-ASA:23:sub4:28: matched by rfc-rule-2 ike 0:To-ASA:23:sub4:28: phase2 matched by subset ike 0:To-ASA:23:28: local narrowing exactly matches static selector ike 0:To-ASA:23:sub4:28: accepted proposal: ike 0:To-ASA:23:sub4:28: TSi_0 0:172.16.17.0-172.16.17.255:0 ike 0:To-ASA:23:sub4:28: TSr_0 0:20.20.20.0-20.20.20.255:0 ike 0:To-ASA:23:sub4:28: autokey ike 0:To-ASA:23:sub4:28: incoming child SA proposal: ike 0:To-ASA:23:sub4:28: proposal id = 1: ike 0:To-ASA:23:sub4:28: protocol = ESP: ike 0:To-ASA:23:sub4:28: encapsulation = TUNNEL ike 0:To-ASA:23:sub4:28: type=ENCR, val=DES_CBC ike 0:To-ASA:23:sub4:28: type=INTEGR, val=MD5 ike 0:To-ASA:23:sub4:28: type=ESN, val=NO ike 0:To-ASA:23:sub4:28: PFS is disabled ike 0:To-ASA:23:sub4:28: my proposal: ike 0:To-ASA:23:sub4:28: proposal id = 1: ike 0:To-ASA:23:sub4:28: protocol = ESP: ike 0:To-ASA:23:sub4:28: encapsulation = TUNNEL ike 0:To-ASA:23:sub4:28: type=ENCR, val=DES_CBC ike 0:To-ASA:23:sub4:28: type=INTEGR, val=MD5 ike 0:To-ASA:23:sub4:28: type=DH_GROUP, val=MODP1536 ike 0:To-ASA:23:sub4:28: type=DH_GROUP, val=MODP2048 ike 0:To-ASA:23:sub4:28: type=ESN, val=NO ike 0:To-ASA:23:sub4:28: lifetime=43200 ike 0:To-ASA:23:sub4:28: proposal id = 2: ike 0:To-ASA:23:sub4:28: protocol = ESP: ike 0:To-ASA:23:sub4:28: encapsulation = TUNNEL ike 0:To-ASA:23:sub4:28: type=ENCR, val=DES_CBC ike 0:To-ASA:23:sub4:28: type=INTEGR, val=SHA ike 0:To-ASA:23:sub4:28: type=DH_GROUP, val=MODP1536 ike 0:To-ASA:23:sub4:28: type=DH_GROUP, val=MODP2048 ike 0:To-ASA:23:sub4:28: type=ESN, val=NO ike 0:To-ASA:23:sub4:28: lifetime=43200 ike 0:To-ASA:23:sub4:28: no proposal chosen ike Negotiate SA Error: ike ike [1481] ike 0:To-ASA:23:sub4:28: responder preparing CREATE_CHILD message ike 0:To-ASA:23: enc 000000080000000E0706050403020107 ike 0:To-ASA:23: out 8554128EB7F2347C61B8EBEDDDD9B2DD2E2024200000002500000044290000280C7C34272FDD4BE9B297161498F96EF44DC1579595580AFAD86619BCA03D37C28C08C1B5 ike 0:To-ASA:23: sent IKE msg (CREATE_CHILD_RESPONSE): 192.168.150.1:4500->192.168.150.10:4500, len=68, vrf=0, id=8554128eb7f2347c/61b8ebedddd9b2dd:00000025 ike 0:To-ASA:23:28: no proposal chosen ike 0: comes 192.168.150.10:4500->192.168.150.1:4500,ifindex=4,vrf=0.... ike 0: IKEv2 exchange=INFORMATIONAL id=8554128eb7f2347c/61b8ebedddd9b2dd:00000026 len=60 ike 0: in 8554128EB7F2347C61B8EBEDDDD9B2DD2E202508000000260000003C00000020A3E3E51F5E8072B3EFE07CC1DBDFFD0E5A99BA96DAA4A54F8DCCE981 ike 0:To-ASA:23: dec 8554128EB7F2347C61B8EBEDDDD9B2DD2E202508000000260000002000000004 ike 0:To-ASA:23: received informational request ike 0:To-ASA:23: enc 0706050403020107 ike 0:To-ASA:23: out 8554128EB7F2347C61B8EBEDDDD9B2DD2E202520000000260000003C000000209B8B04FC011B8F7A91B61A82DA0073664990EA62ACA79D1601E9D6A0 ike 0:To-ASA:23: sent IKE msg (INFORMATIONAL_RESPONSE): 192.168.150.1:4500->192.168.150.10:4500, len=60, vrf=0, id=8554128eb7f2347c/61b8ebedddd9b2dd:00000026