IPSec VPN Main Mode Packet Capture

Site1#
*Feb  7 08:42:03.367: IPSEC(sa_request): ,
  (key eng. msg.) OUTBOUND local= 202.100.1.1:500, remote= 61.128.1.1:500,
    local_proxy= 1.1.1.0/255.255.255.0/256/0,
    remote_proxy= 2.2.2.0/255.255.255.0/256/0,
    protocol= ESP, transform= esp-des esp-md5-hmac  (Tunnel),
    lifedur= 3600s and 4608000kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Feb  7 08:42:03.367: ISAKMP: (0):SA request profile is (NULL)
*Feb  7 08:42:03.367: ISAKMP: (0):Created a peer struct for 61.128.1.1, peer port 500
*Feb  7 08:42:03.367: ISAKMP: (0):New peer created peer = 0xF6D8A3D8 peer_handle = 0x80000003
*Feb  7 08:42:03.367: ISAKMP: (0):Locking peer struct 0xF6D8A3D8, refcount 1 for isakmp_initiator
*Feb  7 08:42:03.367: ISAKMP: (0):local port 500, remote port 500
*Feb  7 08:42:03.367: ISAKMP: (0):set new node 0 to QM_IDLE
*Feb  7 08:42:03.367: ISAKMP: (0):insert sa successfully sa = F4AE6228
*Feb  7 08:42:03.367: ISAKMP: (0):Can not start Aggressive mode, trying Main mode.
*Feb  7 08:42:03.367: ISAKMP: (0):found peer pre-shared key matching 61.128.1.1
*Feb  7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID
*Feb  7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-07 ID
*Feb  7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-03 ID
*Feb  7 08:42:03.367: ISAKMP: (0):constructed NAT-T vendor-02 ID
*Feb  7 08:42:03.367: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Feb  7 08:42:03.367: ISAKMP: (0):Old State = IKE_READY  New State = IKE_I_MM1

*Feb  7 08:42:03.367: ISAKMP: (0):beginning Main Mode exchange
*Feb  7 08:42:03.368: ISAKMP-PAK: (0):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
*Feb  7 08:42:03.368: ISAKMP: (0):Sending an IKE IPv4 Packet.
*Feb  7 08:42:03.369: ISAKMP-PAK: (0):received packet from 61.128.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
*Feb  7 08:42:03.369: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Feb  7 08:42:03.369: ISAKMP: (0):Old State = IKE_I_MM1  New State = IKE_I_MM2

*Feb  7 08:42:03.369: ISAKMP: (0):processing SA payload. message ID = 0
*Feb  7 08:42:03.369: ISAKMP: (0):processing vendor id payload
*Feb  7 08:42:03.369: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
*Feb  7 08:42:03.369: ISAKMP: (0):vendor ID is NAT-T RFC 3947
*Feb  7 08:42:03.369: ISAKMP: (0):found peer pre-shared key matching 61.128.1.1
*Feb  7 08:42:03.369: ISAKMP: (0):local preshared key found
*Feb  7 08:42:03.369: ISAKMP: (0):Scanning profiles for xauth ...
*Feb  7 08:42:03.369: ISAKMP: (0):Checking ISAKMP transform 1 against priority 10 policy
*Feb  7 08:42:03.369: ISAKMP: (0):      encryption 3DES-CBC
*Feb  7 08:42:03.369: ISAKMP: (0):      hash MD5
*Feb  7 08:42:03.369: ISAKMP: (0):      default group 2
*Feb  7 08:42:03.369: ISAKMP: (0):      auth pre-share
*Feb  7 08:42:03.369: ISAKMP: (0):      life type in seconds
*Feb  7 08:42:03.369: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
*Feb  7 08:42:03.369: ISAKMP: (0):atts are acceptable. Next payload is 0
*Feb  7 08:42:03.369: ISAKMP: (0):Acceptable atts:actual life: 0
*Feb  7 08:42:03.369: ISAKMP: (0):Acceptable atts:life: 0
*Feb  7 08:42:03.369: ISAKMP: (0):Fill atts in sa vpi_length:4
*Feb  7 08:42:03.369: ISAKMP: (0):Fill atts in sa life_in_seconds:86400
*Feb  7 08:42:03.369: ISAKMP: (0):Returning Actual lifetime: 86400
*Feb  7 08:42:03.369: ISAKMP: (0):Started lifetime timer: 86400.

*Feb  7 08:42:03.369: ISAKMP: (0):processing vendor id payload
*Feb  7 08:42:03.369: ISAKMP: (0):vendor ID seems Unity/DPD but major 69 mismatch
*Feb  7 08:42:03.369: ISAKMP: (0):vendor ID is NAT-T RFC 3947
*Feb  7 08:42:03.369: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Feb  7 08:42:03.369: ISAKMP: (0):Old State = IKE_I_MM2  New State = IKE_I_MM2
*Feb  7 08:42:03.370: ISAKMP-PAK: (0):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Feb  7 08:42:03.370: ISAKMP: (0):Sending an IKE IPv4 Packet.
*Feb  7 08:42:03.370: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Feb  7 08:42:03.370: ISAKMP: (0):Old State = IKE_I_MM2  New State = IKE_I_MM3

*Feb  7 08:42:03.377: ISAKMP-PAK: (0):received packet from 61.128.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
*Feb  7 08:42:03.377: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Feb  7 08:42:03.377: ISAKMP: (0):Old State = IKE_I_MM3  New State = IKE_I_MM4

*Feb  7 08:42:03.377: ISAKMP: (0):processing KE payload. message ID = 0
*Feb  7 08:42:03.379: ISAKMP: (0):processing NONCE payload. message ID = 0
*Feb  7 08:42:03.379: ISAKMP: (0):found peer pre-shared key matching 61.128.1.1
*Feb  7 08:42:03.379: ISAKMP: (1002):processing vendor id payload
*Feb  7 08:42:03.379: ISAKMP: (1002):vendor ID is Unity
*Feb  7 08:42:03.379: ISAKMP: (1002):processing vendor id payload
*Feb  7 08:42:03.379: ISAKMP: (1002):vendor ID is DPD
*Feb  7 08:42:03.379: ISAKMP: (1002):processing vendor id payload
*Feb  7 08:42:03.379: ISAKMP: (1002):speaking to another IOS box!
*Feb  7 08:42:03.379: ISAKMP: (1002):received payload type 20
*Feb  7 08:42:03.379: ISAKMP: (1002):His hash no match - this node outside NAT
*Feb  7 08:42:03.379: ISAKMP: (1002):received payload type 20
*Feb  7 08:42:03.379: ISAKMP: (1002):No NAT Found for self or peer
*Feb  7 08:42:03.379: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Feb  7 08:42:03.379: ISAKMP: (1002):Old State = IKE_I_MM4  New State = IKE_I_MM4

*Feb  7 08:42:03.380: ISAKMP: (1002):Send initial contact
*Feb  7 08:42:03.380: ISAKMP: (1002):SA is doing
*Feb  7 08:42:03.380: ISAKMP: (1002):pre-shared key authentication using id type ID_IPV4_ADDR
*Feb  7 08:42:03.380: ISAKMP: (1002):ID payload
        next-payload : 8
        type         : 1
*Feb  7 08:42:03.380: ISAKMP: (1002):   address      : 202.100.1.1
*Feb  7 08:42:03.380: ISAKMP: (1002):   protocol     : 17
        port         : 500
        length       : 12
*Feb  7 08:42:03.380: ISAKMP: (1002):Total payload length: 12
*Feb  7 08:42:03.380: ISAKMP-PAK: (1002):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Feb  7 08:42:03.380: ISAKMP: (1002):Sending an IKE IPv4 Packet.
*Feb  7 08:42:03.380: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Feb  7 08:42:03.380: ISAKMP: (1002):Old State = IKE_I_MM4  New State = IKE_I_MM5

*Feb  7 08:42:03.381: ISAKMP-PAK: (0):received packet from 61.128.1.1 dport 500 sport 500 Global (N) NEW SA
*Feb  7 08:42:03.381: %CRYPTO-4-IKMP_NO_SA: IKE message from 61.128.1.1 has no SA and is not an initialization offer
*Feb  7 08:42:03.385: ISAKMP-PAK: (1002):received packet from 61.128.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
*Feb  7 08:42:03.385: ISAKMP: (1002):processing ID payload. message ID = 0
*Feb  7 08:42:03.385: ISAKMP: (1002):ID payload
        next-payload : 8
        type         : 1
*Feb  7 08:42:03.385: ISAKMP: (1002):   address      : 61.128.1.1
*Feb  7 08:42:03.385: ISAKMP: (1002):   protocol     : 17
        port         : 500
        length       : 12
*Feb  7 08:42:03.385: ISAKMP: (0):peer matches *none* of the profiles
*Feb  7 08:42:03.385: ISAKMP: (1002):processing HASH payload. message ID = 0
*Feb  7 08:42:03.385: ISAKMP: (1002):SA authentication status:
        authenticated
*Feb  7 08:42:03.385: ISAKMP: (1002):SA has been authenticated with 61.128.1.1
*Feb  7 08:42:03.385: ISAKMP: (0):Trying to insert a peer 202.100.1.1/61.128.1.1/500/,
*Feb  7 08:42:03.385: ISAKMP: (0): and inserted successfully F6D8A3D8.
*Feb  7 08:42:03.385: ISAKMP: (1002):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Feb  7 08:42:03.385: ISAKMP: (1002):Old State = IKE_I_MM5  New State = IKE_I_MM6

*Feb  7 08:42:03.385: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Feb  7 08:42:03.385: ISAKMP: (1002):Old State = IKE_I_MM6  New State = IKE_I_MM6

*Feb  7 08:42:03.389: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Feb  7 08:42:03.389: ISAKMP: (1002):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE
*Feb  7 08:42:03.389: ISAKMP: (1002):beginning Quick Mode exchange, M-ID of 1338724135
*Feb  7 08:42:03.389: ISAKMP: (1002):QM Initiator gets spi
*Feb  7 08:42:03.389: ISAKMP-PAK: (1002):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Feb  7 08:42:03.389: ISAKMP: (1002):Sending an IKE IPv4 Packet.
*Feb  7 08:42:03.389: ISAKMP: (1002):Node 1338724135, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Feb  7 08:42:03.389: ISAKMP: (1002):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
*Feb  7 08:42:03.389: ISAKMP: (1002):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Feb  7 08:42:03.389: ISAKMP: (1002):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Feb  7 08:42:03.391: ISAKMP-PAK: (1002):received packet from 61.128.1.1 dport 500 sport 500 Global (I) QM_IDLE
*Feb  7 08:42:03.391: ISAKMP: (1002):processing HASH payload. message ID = 1338724135
*Feb  7 08:42:03.391: ISAKMP: (1002):processing SA payload. message ID = 1338724135
*Feb  7 08:42:03.391: ISAKMP: (1002):Checking IPSec proposal 1
*Feb  7 08:42:03.391: ISAKMP: (1002):transform 1, ESP_DES
*Feb  7 08:42:03.391: ISAKMP: (1002):   attributes in transform:
*Feb  7 08:42:03.391: ISAKMP: (1002):      encaps is 1 (Tunnel)
*Feb  7 08:42:03.391: ISAKMP: (1002):      SA life type in seconds
*Feb  7 08:42:03.391: ISAKMP: (1002):      SA life duration (basic) of 3600
*Feb  7 08:42:03.391: ISAKMP: (1002):      SA life type in kilobytes
*Feb  7 08:42:03.391: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
*Feb  7 08:42:03.391: ISAKMP: (1002):      authenticator is HMAC-MD5
*Feb  7 08:42:03.391: ISAKMP: (1002):atts are acceptable.
*Feb  7 08:42:03.391: IPSEC(validate_proposal_request): proposal part #1
*Feb  7 08:42:03.391: IPSEC(validate_proposal_request): proposal part #1,
  (key eng. msg.) INBOUND local= 202.100.1.1:0, remote= 61.128.1.1:0,
    local_proxy= 1.1.1.0/255.255.255.0/256/0,
    remote_proxy= 2.2.2.0/255.255.255.0/256/0,
    protocol= ESP, transform= esp-des esp-md5-hmac  (Tunnel),
    lifedur= 0s and 0kb,
    spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Feb  7 08:42:03.391: Crypto mapdb : proxy_match
        src addr     : 1.1.1.0
        dst addr     : 2.2.2.0
        protocol     : 0
        src port     : 0
        dst port     : 0
*Feb  7 08:42:03.391: (ipsec_process_proposal)Map Accepted: cry-map, 10
*Feb  7 08:42:03.391: ISAKMP: (1002):processing NONCE payload. message ID = 1338724135
*Feb  7 08:42:03.391: ISAKMP: (1002):processing ID payload. message ID = 1338724135
*Feb  7 08:42:03.391: ISAKMP: (1002):processing ID payload. message ID = 1338724135
*Feb  7 08:42:03.391: ISAKMP: (1002):Node 1338724135, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Feb  7 08:42:03.391: ISAKMP: (1002):Old State = IKE_QM_I_QM1  New State = IKE_QM_IPSEC_INSTALL_AWAIT
*Feb  7 08:42:03.391: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Feb  7 08:42:03.391: Crypto mapdb : proxy_match
        src addr     : 1.1.1.0
        dst addr     : 2.2.2.0
        protocol     : 256
        src port     : 0
        dst port     : 0
*Feb  7 08:42:03.391: IPSEC(crypto_ipsec_create_ipsec_sas): Map found cry-map, 10
*Feb  7 08:42:03.391: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer 61.128.1.1
*Feb  7 08:42:03.391: IPSEC(get_old_outbound_sa_for_peer): No outbound SA found for peer F68B2834
*Feb  7 08:42:03.391: IPSEC(create_sa): sa created,
  (sa) sa_dest= 202.100.1.1, sa_proto= 50,
    sa_spi= 0x662899B7(1713936823),
    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 5
    sa_lifetime(k/sec)= (4608000/3600),
  (identity) local= 202.100.1.1:0, remote= 61.128.1.1:0,
    local_proxy= 1.1.1.0/255.255.255.0/256/0,
    remote_proxy= 2.2.2.0/255.255.255.0/256/0
*Feb  7 08:42:03.391: IPSEC(create_sa): sa created,
  (sa) sa_dest= 61.128.1.1, sa_proto= 50,
    sa_spi= 0x7FB90FCC(2142834636),
    sa_trans= esp-des esp-md5-hmac , sa_conn_id= 6
    sa_lifetime(k/sec)= (4608000/3600),
  (identity) local= 202.100.1.1:0, remote= 61.128.1.1:0,
    local_proxy= 1.1.1.0/255.255.255.0/256/0,
    remote_proxy= 2.2.2.0/255.255.255.0/256/0
*Feb  7 08:42:03.391: IPSEC: Expand action denied, notify RP
*Feb  7 08:42:03.391: ISAKMP-ERROR: (0):Failed to find peer index node to update peer_info_list
*Feb  7 08:42:03.392: ISAKMP: (1002):Received IPSec Install callback... proceeding with the negotiation
*Feb  7 08:42:03.392: ISAKMP: (1002):Successfully installed IPSEC SA (SPI:0x662899B7) on Ethernet0/1
Site1#
*Feb  7 08:42:03.392: ISAKMP-PAK: (1002):sending packet to 61.128.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Feb  7 08:42:03.392: ISAKMP: (1002):Sending an IKE IPv4 Packet.
*Feb  7 08:42:03.392: ISAKMP: (1002):deleting node 1338724135 error FALSE reason "No Error"
*Feb  7 08:42:03.392: ISAKMP: (1002):Node 1338724135, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE
*Feb  7 08:42:03.392: ISAKMP: (1002):Old State = IKE_QM_IPSEC_INSTALL_AWAIT  New State = IKE_QM_PHASE2_COMPLETE
Site1#
*Feb  7 08:42:53.398: ISAKMP: (1002):purging node 1338724135
Site1#un all
All possible debugging has been turned off
Site1#
