Scribd Logo
Upload

Welcome to Scribd!

  • 15 views

    Console Output CLI Console

    Uploaded by

    javed.rafik.1
    The document contains log output from a FortiGate firewall regarding IKE and IPsec VPN configuration and troubleshooting. It shows the configuration of an IKE phase 1 interface named "Israel-127.13" between the local gateway 192.8.202.121 and remote gateway 192.8.127.13. Debug messages indicate an IKE security association is being established between the gateways using AES-256 encryption and SHA-256 hashing.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd

    Console Output CLI Console

    Uploaded by

    javed.rafik.1
    15 views20 pages
    The document contains log output from a FortiGate firewall regarding IKE and IPsec VPN configuration and troubleshooting. It shows the configuration of an IKE phase 1 interface named "Israel-127.13" between the local gateway 192.8.202.121 and remote gateway 192.8.127.13. Debug messages indicate an IKE security association is being established between the gateways using AES-256 encryption and SHA-256 hashing.

    Original Title

    console-output-CLI-Console-(2)

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document contains log output from a FortiGate firewall regarding IKE and IPsec VPN configuration and troubleshooting. It shows the configuration of an IKE phase 1 interface named "Israel-127.13" between the local gateway 192.8.202.121 and remote gateway 192.8.127.13. Debug messages indicate an IKE security association is being established between the gateways using AES-256 encryption and SHA-256 hashing.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    15 views20 pages

    Console Output CLI Console

    Uploaded by

    javed.rafik.1
    The document contains log output from a FortiGate firewall regarding IKE and IPsec VPN configuration and troubleshooting. It shows the configuration of an IKE phase 1 interface named "Israel-127.13" between the local gateway 192.8.202.121 and remote gateway 192.8.127.13. Debug messages indicate an IKE security association is being established between the gateways using AES-256 encryption and SHA-256 hashing.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    of 20

    FortiGate-2601F # config vdom

    FortiGate-2601F (vdom) # edit vsys3


    current vf=vsys3:2

    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # diag vpn ike gateway list
    name List gateway by name.

    FortiGate-2601F (vsys3) # diag vpn ike gateway list Israel-127.13

    command parse error before 'Israel-127.13'


    Command fail. Return code -61

    FortiGate-2601F (vsys3) # diag vpn ike gateway list name Israel-127.13

    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # get vpn ipsec tunnel name Israel-127.13

    gateway
    name: 'Israel-127.13'
    local-gateway: 192.8.202.121:0 (static)
    remote-gateway: 192.8.127.13:0 (static)
    dpd-link: off
    mode: ike-v2
    interface: 'port1' (9) vrf:0
    rx packets: 0 bytes: 0 errors: 0
    tx packets: 0 bytes: 0 errors: 2
    dpd: disabled
    selectors
    name: 'Blr_lab-to-Israel'
    auto-negotiate: enable
    mode: tunnel
    src: 0:0.0.0.0/0.0.0.0:0
    dst: 0:0.0.0.0/0.0.0.0:0

    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    Connection lost. Press Enter to start a new session.

    FortiGate-2601F # config vdom

    FortiGate-2601F (vdom) # edit vsys3


    current vf=vsys3:2

    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # sh full-configuration vpn ipsec phase1-interface Israel-
    127.13
    config vpn ipsec phase1-interface
    edit "Israel-127.13"
    set type static
    set interface "port1"
    set ip-version 4
    set ike-version 2
    set local-gw 192.8.202.121
    set keylife 86400
    set authmethod psk
    unset authmethod-remote
    set peertype any
    set net-device disable
    set passive-mode disable
    set exchange-interface-ip disable
    set aggregate-member disable
    set mode-cfg disable
    set proposal aes256-sha256
    set localid ''
    set localid-type auto
    set auto-negotiate enable
    set negotiate-timeout 30
    set fragmentation enable
    set ip-fragmentation post-encapsulation
    set dpd disable
    set forticlient-enforcement disable
    set comments ''
    set npu-offload enable
    set dhgrp 20
    set suite-b disable
    set eap disable
    set ppk disable
    set wizard-type custom
    set reauth disable
    set idle-timeout disable
    set ha-sync-esp-seqno enable
    set fgsp-sync disable
    set inbound-dscp-copy disable
    set auto-discovery-sender disable
    set auto-discovery-receiver disable
    set auto-discovery-forwarder disable
    set encapsulation none
    set nattraversal disable
    set esn disable
    set fragmentation-mtu 1200
    set childless-ike disable
    set rekey enable
    set fec-egress disable
    set fec-ingress disable
    set network-overlay disable
    set remote-gw 192.8.127.13
    set monitor ''
    set add-gw-route disable
    set psksecret ENC
    6dRzXbdtiGRT50+o+q4cIRssW/PsbImgsnvImu2KgHh5ZqAcF3ceg+chP3Qa1oIggqNCJ4PsE4d6I7tFB7D
    xO8U88uh6aszHpTJrpq5Fpvt9n+Tm
    WFPKLOOsV0+mgS1JNRPJLdtXwQzeQG2JlP3FoOvRNvs+qK4IkhScwTCChsk4VWsYncVSNsFNzGTQWnY77MX
    3aQ==
    next
    end

    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # diag vpn ike log-filter dst-addr4 192.8.127.13

    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # diag debug application ike -1
    Debug messages will be on for 12 minutes.

    FortiGate-2601F (vsys3) # diag debug enable

    FortiGate-2601F (vsys3) # ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate


    IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796120: generate DH public value request queued
    ike 2:Israel-127.13:1796120: out
    FF4A0841F0A9731400000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C00000008040000142800006800140000C88C047C04AE9151D298
    8D2675B0A0845FAE8D9256D866CB5B7006FCDD302F519C21828F2F4
    BA1B6C379F4744E42A79887B0554ABAFAF9C999A35BB46AC9107233CCABAB93DA1D872967AB1DD89E30
    3B41A858E64B3DC53B37D9A6482B9F7C7C290000247BF6A7286824F
    9E256D093F3A306A17ABB9E03842DF94CEF14E4C68E8F3F60E0000000080000402E
    ike 2:Israel-127.13:1796120: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=ff4a0841f0a97314/000000000000
    0000
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=ff4a0841f0a97314/e52afeb335c38d87 len=216
    ike 2: in
    FF4A0841F0A97314E52AFEB335C38D872120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C00000008040000142800006800140000B8A5CC4BCAC42792D404F38A9FBA5195F351EAF6A2D
    E37658B45DFC2717BC7426C3476FF267FC3D855E9D04E41E4BC97BC
    F75B2D24A5313B3F9B0C280676255EFE57110CDC49F4295D41929ECED3499591DDED846853CE6D708DB
    61410C79C770000002401AD6370331604A34CF6FF9B4351C5B7CF26
    C7546CFA11F745C40120EF84F9B1
    ike 2:Israel-127.13:1796120: initiator received SA_INIT response
    ike 2:Israel-127.13:1796120: incoming proposal:
    ike 2:Israel-127.13:1796120: proposal id = 1:
    ike 2:Israel-127.13:1796120: protocol = IKEv2:
    ike 2:Israel-127.13:1796120: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796120: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796120: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796120: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796120: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796120: matched proposal id 1
    ike 2:Israel-127.13:1796120: proposal id = 1:
    ike 2:Israel-127.13:1796120: protocol = IKEv2:
    ike 2:Israel-127.13:1796120: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796120: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796120: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796120: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796120: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796120: lifetime=86400
    ike 2:Israel-127.13:1796120: compute DH shared secret request queued
    ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK_ei
    32:810945685B3123148037A698BCA39D5BC83CB1F84DFCCC5C96971B9774E
    2819E
    ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK
    er 32:E0A830D46D76E562057E8C31B60BD50D7D856CE3BC9725A3CF453B54054ED938
    ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK_ai
    32:D95031D300E18601E0DC702A5CC4BAA041137FAF7B375AE032FE5778A15
    D24DE
    ike 2:Israel-127.13:1796120: IKE SA ff4a0841f0a97314/e52afeb335c38d87 SK_ar
    32:49F29105305F1EE355E57F1A9729B5CE6DDDAB4F0E2D0B2FEF3286C330C
    A3320
    ike 2:Israel-127.13:1796120: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796120: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796120: enc
    2900000C01000000C008CA79270000080000400029000028020000006EBD44A726677696CD9BAF58864
    FBE0202F68E08D719865BB
    2867A3185172E5521000008000040242C00002C000000280103040357FD1A240300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796120: out
    FF4A0841F0A97314E52AFEB335C38D872E20230800000001000000F0230000D437FD4B6A17D1BB5EE92
    03435179F350F0467AF98D
    E5BA969BE408A89B54757FC23AFD0589069F88FFF2F0B42955260256F99B2C860D6C5732392B84A9811
    11A3F144165BEDB59826732F0D4490E171094887D1FBC1DF9F1D959
    7B5B4D1068B43288523D22A0525B68A2AF72558A2A447541EC8BEAB77FEE257D5252AC8C52D18900B47
    59A81938BBAB8489B79AB417A58DA7FE5FEFEF803D7ABF8E0301972
    8DA8DB6B23F444EC408551B40BBAC3F417979F248399122678FA8F20C2EA8FF03FD53A1AF1C5B92F440
    51250BE1A014745C
    ike 2:Israel-127.13:1796120: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=ff4a0841f0a97314/e52afeb335c38d8
    7:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=ff4a0841f0a97314/e52afeb335c38d87:00000001
    len=80
    ike 2: in
    FF4A0841F0A97314E52AFEB335C38D872E2023200000000100000050290000346ED5EF6DD28F5E96138
    1EC856776DB08E3E74F5A18C4B2555DF936097C01EC34
    BAE26B34895C14291FDE72EC698D1D72
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796120: dec
    FF4A0841F0A97314E52AFEB335C38D872E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796120: initiator received AUTH msg
    ike 2:Israel-127.13:1796120: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796120: schedule delete of IKE SA
    ff4a0841f0a97314/e52afeb335c38d87
    ike 2:Israel-127.13:1796120: scheduled delete of IKE SA
    ff4a0841f0a97314/e52afeb335c38d87
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796146: generate DH public value request queued
    ike 2:Israel-127.13:1796146: out
    FB52EB195B0D837C00000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C00000008040000142800006800140000274C06683811048C0EFA
    76D447562EBD1EFD65065DF6E625B2F002D33CCBFE2256177077B7C
    145B962C225CADAEC6084CC2B0EFDEC00C827817E7E7AB8728ED084AA445B291B5467BABFE7446F31C2
    87DB4D8A3045EB2FEA6B42CC7174C37602290000243B30266DEFC31
    2D00F44E1B4DA5FF5C8D380620F135C953E4A2685E9ECEBFB00000000080000402E
    ike 2:Israel-127.13:1796146: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=fb52eb195b0d837c/000000000000
    0000
    ike 2:Israel-127.13:Blr_lab-to-Israel: IPsec SA connect 9 192.8.202.121-
    >192.8.127.13:0
    ike 2:Israel-127.13:Blr_lab-to-Israel: using existing connection
    ike 2:Israel-127.13:Blr_lab-to-Israel: config found
    ike 2:Israel-127.13: request is on the queue
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=fb52eb195b0d837c/b11857197ae255eb len=216
    ike 2: in
    FB52EB195B0D837CB11857197AE255EB2120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C00000008040000142800006800140000D54E59675792B342FF809361323CDF5EE814ECEE4B4
    F06D5B95991F23F64901D7C8F54BE4D1D813362C069EF63CE3AE39F
    431D891067630B2FDE0189AF25F92AC0E15EE58CDEB7090FA35DA88AE9CD85A1C6C40C28AABA7042A7A
    2C6FB6331A300000024ECFC506A5AF1345023B5AA19DC31FCFCBE7E
    0D131641EF60839A34EAA736587F
    ike 2:Israel-127.13:1796146: initiator received SA_INIT response
    ike 2:Israel-127.13:1796146: incoming proposal:
    ike 2:Israel-127.13:1796146: proposal id = 1:
    ike 2:Israel-127.13:1796146: protocol = IKEv2:
    ike 2:Israel-127.13:1796146: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796146: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796146: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796146: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796146: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796146: matched proposal id 1
    ike 2:Israel-127.13:1796146: proposal id = 1:
    ike 2:Israel-127.13:1796146: protocol = IKEv2:
    ike 2:Israel-127.13:1796146: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796146: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796146: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796146: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796146: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796146: lifetime=86400
    ike 2:Israel-127.13:1796146: compute DH shared secret request queued
    ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_ei
    32:93DE06574B8A0ABFC4BED10A4E6FE1EB84741194796A364D5D7DB0218EF
    B6FB4
    ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_er
    32:2ED5C1879DC255615F000D1F20858F4C42EAE54B5FAB25EDAE1D8F30875
    5E6FA
    ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_ai
    32:21232DDA6BC0592D0FAC23B6C63755F405F7076B956AB42EC5CDF733408
    9136C
    ike 2:Israel-127.13:1796146: IKE SA fb52eb195b0d837c/b11857197ae255eb SK_ar
    32:355BAD7641DAEF89B7FE52220D0780BBDE4F69E91AE6D1C89770328596E
    D6C64
    ike 2:Israel-127.13:1796146: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796146: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796146: enc
    2900000C01000000C008CA79270000080000400029000028020000005E111DD1F3FC2BB8C020E0770D2
    384D232E1C525BA739BE1B
    9DD51B4535B5F7821000008000040242C00002C000000280103040357FD1A270300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796146: out
    FB52EB195B0D837CB11857197AE255EB2E20230800000001000000F0230000D439863DD5655B16FE086
    960ECFE8F0FD8E855F1C91
    BF5D7099A1786B80A85A462D56D06DCF50A4B007B5B7DF083C15A9DD8C6B5CC5C2A8475B878B47A6615
    DFCB75A24663E7B7B4105F1F670E0A24A97A43ACFFD573B7FA08310
    D9F74470AA3068969EC919C03CE319FAE1D77152AA2AA53DD6BF004FB33965BD2EE8447427E04831C64
    82298C404F3DF75857358285054072014898A93A2FF953267793939
    0EF99B110EB31BA9EAE85755F935FD7036C40553CB0AF9E79CAD1C1B8025597785BDCA9A1C2BACBA223
    C186D3824039F903
    ike 2:Israel-127.13:1796146: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=fb52eb195b0d837c/b11857197ae255e
    b:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=fb52eb195b0d837c/b11857197ae255eb:00000001
    len=80
    ike 2: in
    FB52EB195B0D837CB11857197AE255EB2E202320000000010000005029000034955DCEF2F06544F5AE6
    16E0FFE9A346C7E75A2C23AF65DB9E0D1C07DE366CC52
    10BF3166D4DE57971859A0B2AC96F7FF
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796146: dec
    FB52EB195B0D837CB11857197AE255EB2E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796146: initiator received AUTH msg
    ike 2:Israel-127.13:1796146: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796146: schedule delete of IKE SA
    fb52eb195b0d837c/b11857197ae255eb
    ike 2:Israel-127.13:1796146: scheduled delete of IKE SA
    fb52eb195b0d837c/b11857197ae255eb
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796163: generate DH public value request queued
    ike 2:Israel-127.13:1796163: out
    047AEBCEFAAFA82D00000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C0000000804000014280000680014000034BDD5F2A015D05E9137
    94EA3006C1854778820FE525E2934E6AE7706A8286BB72304F8909B
    201E1E956F5BDB7CD3FDABC8A5BE0CE124A03F48B7C029202450736D050E5B8D93E02FB72DE3D0618EF
    14D1D952390003A2AA7922DBC11D03E8522900002440EF6DB317279
    D4838A9574A1AD86B6DB0B770C6B68AAAEBFDD149FA9CB41CDE000000080000402E
    ike 2:Israel-127.13:1796163: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=047aebcefaafa82d/000000000000
    0000
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=047aebcefaafa82d/62c80023d4cbb096 len=216
    ike 2: in
    047AEBCEFAAFA82D62C80023D4CBB0962120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C000000080400001428000068001400008E9EBDDD2AB3AB3985D150C78A56A14633F383C53CF
    84E05213D270BB10C30C2202608985FB056AF0841166F4858654988
    D80F202DC97244CB61254F3FDCC41D6CF775691B2AEFD394EE4151497A9F1FB3F9FA47C56A164003D44
    8A1D753F11A00000024C8227F4EF59F45C10954B38966D731F4E307
    1C99C3BDCB86D60C9E885AEADC2A
    ike 2:Israel-127.13:1796163: initiator received SA_INIT response
    ike 2:Israel-127.13:1796163: incoming proposal:
    ike 2:Israel-127.13:1796163: proposal id = 1:
    ike 2:Israel-127.13:1796163: protocol = IKEv2:
    ike 2:Israel-127.13:1796163: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796163: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796163: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796163: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796163: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796163: matched proposal id 1
    ike 2:Israel-127.13:1796163: proposal id = 1:
    ike 2:Israel-127.13:1796163: protocol = IKEv2:
    ike 2:Israel-127.13:1796163: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796163: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796163: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796163: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796163: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796163: lifetime=86400
    ike 2:Israel-127.13:1796163: compute DH shared secret request queued
    ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_ei
    32:6BF65F061E613C12B51955574542FB6EE54EE4BC6EECF902E258FE77DFA
    71BBB
    ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_er
    32:42B5E88478CE49AC1267FED30DB9C64F675F277938C73B6CD93101B5BAF
    87DD9
    ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_ai
    32:3018040F51534CEE8C1CF6404AF12FEDBD888C11722F160E5FCEE2762D8
    DB943
    ike 2:Israel-127.13:1796163: IKE SA 047aebcefaafa82d/62c80023d4cbb096 SK_ar
    32:D13C564653DA9A78010F40ADAE8188852E134E4739DFE2FB2A4626232B9
    93C03
    ike 2:Israel-127.13:1796163: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796163: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796163: enc
    2900000C01000000C008CA792700000800004000290000280200000039DD4E86B2CF6F1108368F6907A
    55E82E5386543D8D56DE44
    A191F2FABE69EA921000008000040242C00002C000000280103040357FD1A2A0300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796163: out
    047AEBCEFAAFA82D62C80023D4CBB0962E20230800000001000000F0230000D47F7D2B1486395DD9265
    EAB1CC1CEE5FE356292A85
    34BE13F0F3E324E8DF737ED8036691F2C8304BC91F93467A7750CD8F768B71A589A2E88DB2F00AD753F
    7BA7CDC760C91595099B9802BADE059077C4E42976CEF96F162847E
    0D7E801A6FC16BFAA1016AC915A882C512BCD4B228051CF398D92074B20C1373E555D89577B8FA1F34A
    D2D1CB6B5720383ACECEAEF98E1E0AB62446E47DEF72E20D858C17C
    1B0E9A9B016C624C16215535F7A9A3530FEF625503E6389FF87AB93D1C4B82ECF554C0D195A3CA79C60
    5DFDB6AE034EDDD6
    ike 2:Israel-127.13:1796163: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=047aebcefaafa82d/62c80023d4cbb09
    6:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=047aebcefaafa82d/62c80023d4cbb096:00000001
    len=80
    ike 2: in
    047AEBCEFAAFA82D62C80023D4CBB0962E202320000000010000005029000034A98A05D015885222E6F
    51471B222EE13A2DBC32F42243D2068F8C9ABC0C5EB81
    CFA2A4080
    9C5C7FCEE8FCEE23C72F12
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796163: dec
    047AEBCEFAAFA82D62C80023D4CBB0962E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796163: initiator received AUTH msg
    ike 2:Israel-127.13:1796163: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796163: schedule delete of IKE SA
    047aebcefaafa82d/62c80023d4cbb096
    ike 2:Israel-127.13:1796163: scheduled delete of IKE SA
    047aebcefaafa82d/62c80023d4cbb096
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796192: generate DH public value request queued
    ike 2:Israel-127.13:1796192: out
    BA291CD08F32383E00000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C00000008040000142800006800140000794886D3A5BB27FA3F38
    ED514D531CA68C14CB031C95786ACB15636FF25E4BB5A398F5A8E91
    3994757B75C09D4D52409D2554AF4412AD6EA3ECB57827B9F381956EFCFDEFD4FEBB69232F3F47EF43A
    E4241D1932E4E9502358D561FA00CCFA3D29000024138314AAAB077
    E8BAD1FA767CCD938CB914DE6A5F89B89908F157BBE43AAA67C000000080000402E
    ike 2:Israel-127.13:1796192: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=ba291cd08f32383e/000000000000
    0000
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=ba291cd08f32383e/30542beaf843efb1 len=216
    ike 2: in
    BA291CD08F32383E30542BEAF843EFB12120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C000000080400001428000068001400000615B95B7297C33734F5DAF14A95E594D8A8E661244
    B8024F4BE04621E25473929C1B07032BA2252F1CE7D697BA86154D3
    2C31D0E34E1FBC24F17ECE0431C958C746DDE56870D9764D3A514B3776829DB9E53681F0D50C813110A
    0D20D9D530600000024A184016FB2AAAA978C7E29611B5914FF9A7B
    1790AF1207F08CA478B15F413E3B
    ike 2:Israel-127.13:1796192: initiator received SA_INIT response
    ike 2:Israel-127.13:1796192: incoming proposal:
    ike 2:Israel-127.13:1796192: proposal id = 1:
    ike 2:Israel-127.13:1796192: protocol = IKEv2:
    ike 2:Israel-127.13:1796192: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796192: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796192: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796192: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796192: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796192: matched proposal id 1
    ike 2:Israel-127.13:1796192: proposal id = 1:
    ike 2:Israel-127.13:1796192: protocol = IKEv2:
    ike 2:Israel-127.13:1796192: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796192: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796192: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796192: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796192: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796192: lifetime=86400
    ike 2:Israel-127.13:1796192: compute DH shared secret request queued
    ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_ei
    32:E56E93BC6BED1DB61B0067CC3321D162EEF241EFCA8F5FB926DF790E004
    98CD1
    ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_er
    32:8C274E79E35BF11B313DDE0249B8B97825960A9B56AADF3BEBE9986E6D5
    9CAB2
    ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_ai
    32:55E2D05E3C5CD5EF2CCB8FE2D292225C16B13940FBDE0CA0316A4A76363
    A88A2
    ike 2:Israel-127.13:1796192: IKE SA ba291cd08f32383e/30542beaf843efb1 SK_ar
    32:613C73B082C8AE93F2C477D4C819C0837302E774A56C5A04FCD4220D4CE
    1508A
    ike 2:Israel-127.13:1796192: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796192: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796192: enc
    2900000C01000000C008CA792700000800004000290000280200000051D157B138FE0E25F83CFA06D52
    C919FCE60264BE34677DBB
    C3E50FCD64137E421000008000040242C00002C000000280103040357FD1A2D0300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796192: out
    BA291CD08F32383E30542BEAF843EFB12E20230800000001000000F0230000D4EB422B9F7D2D5E83DA0
    1AB671BCC2EC3B3827890F
    18CB67A1134AAD316B3420CCC0F4797A3F12295BD8B0440378AD2D37264F51EC3B8FE79B49480426764
    92FF8106DA4E88CEE3D8A7B1D76312BE89F384426338C25A95A6FDF
    7810AA46AF253A7A9AB5938FB15592E317F6FBCDB8F722B1CCD8775ABF89CD30E86A7EA0607D57D079C
    43C16DB048C1F76AD2B6AA5CD9451E5001CCDB3256AB1C31367CD09
    047E4CC52F147F57470A619860A4ABD1ACA9FFA808133FB67FF212C832721C02E252F836C50CA5A8285
    919A97AA621D39A7
    ike 2:Israel-127.13:1796192: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=ba291cd08f32383e/30542beaf843efb
    1:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=ba291cd08f32383e/30542beaf843efb1:00000001
    len=80
    ike 2: in
    BA291CD08F32383E30542BEAF843EFB12E202320000000010000005029000034771A30F3E301C423883
    051D5FC6D78053B6EFE1D3BA8AC39ED0BB719886BA659
    DBF78ADBD513FEB9F0C73931BE034A7B
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796192: dec
    BA291CD08F32383E30542BEAF843EFB12E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796192: initiator received AUTH msg
    ike 2:Israel-127.13:1796192: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796192: schedule delete of IKE SA
    ba291cd08f32383e/30542beaf843efb1
    ike 2:Israel-127.13:1796192: scheduled delete of IKE SA
    ba291cd08f32383e/30542beaf843efb1
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    ike 2:Israel-127.13:Blr_lab-to-Israel: IPsec SA connect 9 192.8.202.121-
    >192.8.127.13:0
    ike 2:Israel-127.13:Blr_lab-to-Israel: config found
    ike 2:Israel-127.13: created connection: 0x10d3db20 9 192.8.202.121-
    >192.8.127.13:500.
    ike 2:Israel-127.13: HA start as master
    ike 2:Israel-127.13: IPsec SA connect 9 192.8.202.121->192.8.127.13:500 negotiating
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796202: generate DH public value request queued
    ike 2:Israel-127.13:1796202: out
    11B30AF4843E4FAF00000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C000000080400001428000068001400006D37D5CF616F02E29778
    383C595B526AF45997AF55BC3991B60FBCF1EF06604265E9BE7D587
    658AE7D090728479C5F032EB0B1758407A33F8E679A7004F29E2D8CC878A0FC713E0172AD0F3144147E
    CFE6D229450AF96657120A9D4DA7E0C49A2900002432CB67E1EBF0C
    B1920153C5059CB392911E5257813EDE9114E96C9761D3844B5000000080000402E
    ike 2:Israel-127.13:1796202: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=11b30af4843e4faf/000000000000
    0000
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=11b30af4843e4faf/1dc3133393d8f0e1 len=216
    ike 2: in
    11B30AF4843E4FAF1DC3133393D8F0E12120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C00000008040000142800006800140000C235760E1559FDC343FF12574522A4DC8760237BAAF
    FE634F4A96779B836DC273252F82B9A500D9ADAACA0F32326F644C2
    306C5B9C33B559E310CD715583DC80A818597DD54DE7681B744ED4F0638E6E278ACC91A6935EF4C4844
    BDE904D4204000000240C7A72D98DC4F583F93E00CDF8227D29DAF9
    0A97C77BDAAFD118A81BD2FFC25D
    ike 2:Israel-127.13:1796202: initiator received SA_INIT response
    ike 2:Israel-127.13:1796202: incoming proposal:
    ike 2:Israel-127.13:1796202: proposal id = 1:
    ike 2:Israel-127.13:1796202: protocol = IKEv2:
    ike 2:Israel-127.13:1796202: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796202: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796202: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796202: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796202: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796202: matched proposal id 1
    ike 2:Israel-127.13:1796202: proposal id = 1:
    ike 2:Israel-127.13:1796202: protocol = IKEv2:
    ike 2:Israel-127.13:1796202: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796202: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796202: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796202: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796202: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796202: lifetime=86400
    ike 2:Israel-127.13:1796202: compute DH shared secret request queued
    ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_ei
    32:A649BA44837B6FB8A4952D73C948A7A978FD2C159B07F2143272CBA6E6D
    B85D1
    ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_er
    32:FB7CE18AFD4BF95B53F170FF4E11923B33D414CF2223CCFDB0229F19D8A
    9707B
    ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_ai
    32:77C0DA41F62B366649F03BF8C85AD927989750E9575F395C07D826C5B9D
    79CA9
    ike 2:Israel-127.13:1796202: IKE SA 11b30af4843e4faf/1dc3133393d8f0e1 SK_ar
    32:113B8CAD7A4755154B17F51E474A378C2FF13238AC89FA7738813BAE3BD
    10870
    ike 2:Israel-127.13:1796202: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796202: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796202: enc
    2900000C01000000C008CA7927000008000040002900002802000000507403826402D9BDB821746F424
    EDB3020403B799637C86E4
    5201B4821D5230F21000008000040242C00002C000000280103040357FD1A2E0300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796202: out
    11B30AF4843E4FAF1DC3133393D8F0E12E20230800000001000000F0230000D4B117BA5E044AF01400D
    B527A8584F52D4A67ADC9A
    7109B87781D7347AC37B6D1A035B1B14FC406BED9CA88D4C7D441BED739988B632C17AC205D439D11C4
    FC3133EBCA6E666DD650D9036556BF3201F700142D1DA5783A5560E
    748015306308B483D44E3ECB3719A747B0AD29A8237E424D0C75DFA5033E7A8080CE0C1569290EEB95F
    23BFF16C14740EBC0BB8EC47F5B5EF1DE220A2F28796D31B21E9411
    5FDC4D6925C8DD7503CB31D9BAA682BFB4D0C1EB5D9D833C7F5C4F77588279C8F6E92E577F38986168C
    45BE323B0650BC46
    ike 2:Israel-127.13:1796202: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=11b30af4843e4faf/1dc3133393d8f0e
    1:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=11b30af4843e4faf/1dc3133393d8f0e1:00000001
    len=80
    ike 2: in
    11B30AF4843E4FAF1DC3133393D8F0E12E2023200000000100000050290000348C93C20E603C7633A54
    A7D69D9347767A9C24CF7AC49F61B5A77F1E93FC2AE59
    8B35EE29B9B2E7426CEA3D69871E38D6
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796202: dec
    11B30AF4843E4FAF1DC3133393D8F0E12E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796202: initiator received AUTH msg
    ike 2:Israel-127.13:1796202: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796202: schedule delete of IKE SA
    11b30af4843e4faf/1dc3133393d8f0e1
    ike 2:Israel-127.13:1796202: scheduled delete of IKE SA
    11b30af4843e4faf/1dc3133393d8f0e1
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: set oper down
    ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796213: generate DH public value request queued
    ike 2:Israel-127.13:1796213: out
    FE5A8AECB8AA681700000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C0000000804000014280000680014000070755D1F0B013977A844
    78F69A8FB885D34E488EAE57A944421D8CF10B2E185B19FD5D1F225
    FE325292C33DC23FF7E9E1BD7055068E1B38151AA4B476DDEB5BED256AE9166D9AAEEBFBCC429B325C7
    4371F8D19B5BD800C7D9C4D5BB9599C3E42900002410481CAB5EA7F
    540FDD8B71B3ED0F531DFC36362F6D799633DA25E1E711AFDFF000000080000402E
    ike 2:Israel-127.13:1796213: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=fe5a8aecb8aa6817/000000000000
    0000
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=fe5a8aecb8aa6817/ceaaa7c0b3bee581 len=216
    ike 2: in
    FE5A8AECB8AA6817CEAAA7C0B3BEE5812120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C000000080400001428000068001400006FC67B8ADAA69B26E71E75DA22FE024B83943A6FA80
    A020300F95D442A3A7683D094CB7B5F56CE5829B0D99386792314CF
    E7E2EF6C6223641148922B46230D2E5B173C503C7697F1C070AC47478676FA4AB1DCFF3A16F29D638EC
    25AD029249400000024E8B6B670FCA221C40BB8E51E0F1FF014AA1E
    EE3D3A11828C2C660FC65FAA0E10
    ike 2:Israel-127.13:1796213: initiator received SA_INIT response
    ike 2:Israel-127.13:1796213: incoming proposal:
    ike 2:Israel-127.13:1796213: proposal id = 1:
    ike 2:Israel-127.13:1796213: protocol = IKEv2:
    ike 2:Israel-127.13:1796213: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796213: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796213: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796213: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796213: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796213: matched proposal id 1
    ike 2:Israel-127.13:1796213: proposal id = 1:
    ike 2:Israel-127.13:1796213: protocol = IKEv2:
    ike 2:Israel-127.13:1796213: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796213: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796213: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796213: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796213: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796213: lifetime=86400
    ike 2:Israel-127.13:1796213: compute DH shared secret request queued
    ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_ei
    32:258F1FCF3BC261858BF1331FA0779DE101C760446DC1F2DF85B60D5D20B
    90F27
    ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_er
    32:84E270C83E4238404ED651A910BDE0A2DA489AC5F46B1CA5C20973E8D33
    AEDD1
    ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_ai
    32:C333956A596DC6E0A5402157D3EA272FE50E2A0D7F5AAFBDDF4DA6CF204
    5CE78
    ike 2:Israel-127.13:1796213: IKE SA fe5a8aecb8aa6817/ceaaa7c0b3bee581 SK_ar
    32:D22E17F796454EC2E88555C10E1209961E447C8CD85EBB665BC3CA5BC42
    E4427
    ike 2:Israel-127.13:1796213: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796213: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796213: enc
    2900000C01000000C008CA7927000008000040002900002802000000CDCB6EFFEFCF47F1A138AAB57F7
    96B193D6F9D7E7F250F65E
    9D55ED0058DA0A121000008000040242C00002C000000280103040357FD1A300300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796213: out
    FE5A8AECB8AA6817CEAAA7C0B3BEE5812E20230800000001000000F0230000D458F7BFE1B77778BA3DC
    E226F26E6F8D8DE2C0F558
    990FBE533A0BE913D959CD0F1B2209F1B5C56143D232E52D836F01EC34761B75A25D7287C20F1F37634
    A40784D9C26FF62E2D0C2B4F805D80878580C1559505D61F0653FEA
    602D3DF95C5AD74AA2746F5AD06BB9FD13EAC0AEB0ADCCC8C0311EE13E76DADB59D746EC9225B5A8B7C
    DE770B4C7C545734F736DE35D2E47DA808A73D5EBA1578986712E90
    91BF5572E50AC0D518F2FA844A60692D31B0226E97E619B7690AB17653A9581C062EDFE189F0DEA0814
    B2CD08EE21B03597
    ike 2:Israel-127.13:1796213: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=fe5a8aecb8aa6817/ceaaa7c0b3bee58
    1:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=fe5a8aecb8aa6817/ceaaa7c0b3bee581:00000001
    len=80
    ike 2: in
    FE5A8AECB8AA6817CEAAA7C0B3BEE5812E2023200000000100000050290000341E2ECE63DEE11458639
    E19EF0486667120182AF490902648641FE49D1C09D1F3
    765EA026D8FCDA25C0A70238C7235AC2
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796213: dec
    FE5A8AECB8AA6817CEAAA7C0B3BEE5812E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796213: initiator received AUTH msg
    ike 2:Israel-127.13:1796213: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796213: schedule delete of IKE SA
    fe5a8aecb8aa6817/ceaaa7c0b3bee581
    ike 2:Israel-127.13:1796213: scheduled delete of IKE SA
    fe5a8aecb8aa6817/ceaaa7c0b3bee581
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796233: generate DH public value request queued
    ike 2:Israel-127.13:1796233: out
    B5999FCE5A0E78EF00000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C00000008040000142800006800140000500F73520F8A679CF985
    C37E4F22AE327E5844EA35C3F8FCCE09E6F7A3A0A29FC8D9D864F52
    DC468E6ACD521810340B81D9FE26B5CF351EB1286B0AED99E94B493324BC501657B71F3ABB3385B22CD
    FF4F65E67069FB294A0C4BC4828E00DB55290000243FB58FA19B140
    09F69BF9E15E48002E0AFBDA1957B7A317A2F2BD5DF3A073C35000000080000402E
    ike 2:Israel-127.13:1796233: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=b5999fce5a0e78ef/000000000000
    0000
    ike shrank heap by 159744 bytes
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=b5999fce5a0e78ef/2b2f7fd9bc3dedc1 len=216
    ike 2: in
    B5999FCE5A0E78EF2B2F7FD9BC3DEDC12120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C0000000804000014280000680014000039DD82B053A9924EC1C39AE6A257426141C649C6B28
    D5828CC19D8D62234B093428D5A56EA1D291337210D870FC04CBCB0
    FCFE63B8CA66273896C5E3B6C6D1013A1059B9556D4D470636CAC121AE9C346AE2DC5DE199853AF20C7
    C7828992E2E00000024E3BB95DB6521E73BE96355C9CF03A8527418
    0D39F159BC6AE15E45E0BE07F9D8
    ike 2:Israel-127.13:1796233: initiator received SA_INIT response
    ike 2:Israel-127.13:1796233: incoming proposal:
    ike 2:Israel-127.13:1796233: proposal id = 1:
    ike 2:Israel-127.13:1796233: protocol = IKEv2:
    ike 2:Israel-127.13:1796233: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796233: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796233: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796233: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796233: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796233: matched proposal id 1
    ike 2:Israel-127.13:1796233: proposal id = 1:
    ike 2:Israel-127.13:1796233: protocol = IKEv2:
    ike 2:Israel-127.13:1796233: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796233: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796233: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796233: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796233: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796233: lifetime=86400
    ike 2:Israel-127.13:1796233: compute DH shared secret request queued
    ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_ei
    32:610F7DF5B3398EBD45D1BAB5BE47CD6786E7F8ED43A1743E15DF3C04AB8
    CA653
    ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_er
    32:D51B496ADEB4D3E54837A595D38709CD2CB95BE7A78FF156F8D24EDCDD6
    860EE
    ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_ai
    32:D7C9BCCBBD7058A967F50351C7FB473E6116BCE8BA725B45045A9DFA414
    213A1
    ike 2:Israel-127.13:1796233: IKE SA b5999fce5a0e78ef/2b2f7fd9bc3dedc1 SK_ar
    32:F37AA8D637A3F158D6AAF3F4186BF24D9D38766FB47A06D9743D71C7BF6
    0BF05
    ike 2:Israel-127.13:1796233: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796233: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796233: enc
    2900000C01000000C008CA7927000008000040002900002802000000D0D5DA9C51C01B05BEF44284F3F
    AE0E1BD26A2253B770B2A5
    889DB224C119D7521000008000040242C00002C000000280103040357FD1A320300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796233: out B5999FCE5A0E78EF2B2F7FD9BC3DEDC12E202308
    0000001000000F0230000D4E6485977B4445A2DF0EFCE9F9DCBEB3F4D1118C30344B2E9E97B5157A7E8
    6D5F3A78ADC50A7E50B17D1C60546951A2BB1533239BB53CD57FEC8
    D729AA0DFAD4A555721218BB08E803C0872D598E1B3797441561A003BE0677E4CC42ADAEDAB31BB0343
    F5EF928203FB80ECDFDDF7E1B044DE2667230872EF8A6F3F80A1E43
    FD4BF34C95EFD2A995550AD71FF45298C0E5E7F9BD200EBEE9FCB44178C1048D592EC8D157F0CDE57E5
    DA748307D548A22E9E641BC454F8F8BD98FBC08F02032A7E2CCD862
    71AA8E0FB8F623EE610646AEB
    ike 2:Israel-127.13:1796233: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=b5999fce5a0e78ef/2b2f7fd9bc3dedc
    1:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=b5999fce5a0e78ef/2b2f7fd9bc3dedc1:00000001
    len=80
    ike 2: in
    B5999FCE5A0E78EF2B2F7FD9BC3DEDC12E202320000000010000005029000034A05232CA75949B796C9
    FE7D7CD48C0CF6AE0F5C06DB74AEC1DB9385756C540A4
    447D807B96073104127ABD8D5E90EF9D
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796233: dec
    B5999FCE5A0E78EF2B2F7FD9BC3DEDC12E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796233: initiator received AUTH msg
    ike 2:Israel-127.13:1796233: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796233: schedule delete of IKE SA
    b5999fce5a0e78ef/2b2f7fd9bc3dedc1
    ike 2:Israel-127.13:1796233: scheduled delete of IKE SA
    b5999fce5a0e78ef/2b2f7fd9bc3dedc1
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796253: generate DH public value request queued
    ike 2:Israel-127.13:1796253: out
    4A0D0938BC749D5000000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C00000008040000142800006800140000943FAF2A01D82E4A3B3C
    1964DC9459B51B49DC7A8BFF46A444C52CAD97ADD61B8DA3BB39E1D
    9F3AD2283AEC426A3C912AE252E7C0186596B0BF08D329D775A3F4A2C75A8212F7AB90E8796F9292300
    DC83235974469F3B4AB66C02CD73CF9C4729000024954413198F477
    50CBD118994CF395B34D8436C2D94104F66FF0DAF7371B9AA45000000080000402E
    ike 2:Israel-127.13:1796253: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=4a0d0938bc749d50/000000000000
    0000
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=4a0d0938bc749d50/fb3a209de1c88106 len=216
    ike 2: in
    4A0D0938BC749D50FB3A209DE1C881062120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C00000008040000142800006800140000DFAEAF3676103D22174114AE4D2112DF27579F5EA68
    06587180D8871E32B9E14CA907BF3004C7940320D72AF3DE821C984
    02072EA584AB8E03A5150B10B278400696FC9EC2A9AF0151BCE2CC74388D2F56D0CA954E7FDF81AC496
    AD8637E9B4E0000002409C18D2A43C04DE455BE1AF0E38AAD66EF8C
    754349AEE3E2163737FABA23FDBA
    ike 2:Israel-127.13:1796253: initiator received SA_INIT response
    ike 2:Israel-127.13:1796253: incoming proposal:
    ike 2:Israel-127.13:1796253: proposal id = 1:
    ike 2:Israel-127.13:1796253: protocol = IKEv2:
    ike 2:Israel-127.13:1796253: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796253: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796253: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796253: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796253: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796253: matched proposal id 1
    ike 2:Israel-127.13:1796253: proposal id = 1:
    ike 2:Israel-127.13:1796253: protocol = IKEv2:
    ike 2:Israel-127.13:1796253: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796253: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796253: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796253: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796253: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796253: lifetime=86400
    ike 2:Israel-127.13:1796253: compute DH shared secret request queued
    ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_ei
    32:3007A24FC395AE31347976B04365230493CB3FEE83DBBF1A9E4366E8054
    4CEC5
    ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_er
    32:5B008F8113846290C59C5A74D53FDC3C5867D4DE7F00D93CD85F4D2AA4A
    91C16
    ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_ai
    32:12345637739A87643AC6E72886124906FDD2D981D30CA69EC7D64D7D221
    C7865
    ike 2:Israel-127.13:1796253: IKE SA 4a0d0938bc749d50/fb3a209de1c88106 SK_ar
    32:82E0CC10AD1F1513EF5E599A22144FE41FD665118949BE8D0B619B01CEB
    79229
    ike 2:Israel-127.13:1796253: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796253: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796253: enc
    2900000C01000000C008CA7927000008000040002900002802000000312DE1CFD328C3E3DCF37887F0E
    91101DDC57593F425736F7
    DD168823CCFD1D621000008000040242C00002C000000280103040357FD1A360300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796253: out
    4A0D0938BC749D50FB3A209DE1C881062E20230800000001000000F0230000D470301E08838F35FA634
    6CF9535302C95C55FF50EA
    458A52C02CD7149592A443CA48138C5675CE0FCC40761CB3ED6AA516B39FCE18882F86807F095DFA2D6
    B5BFE3D0A297EF5E221B240CF3A41A734FEA9DB5FA0A8DF1CBAFCDB
    4B5470E7E202F06154A1ED2D6EDD546AD01258C1F3640D03D4522B4D1187236D3CC10765AD1F8408563
    1EC10A1CFAC4E61E09482C39D6096C4DA5C622A05875E34FC55591A
    5190A02EC352FA0029A4E261C639BBE319C6C434BB6FB984D9586C9C5E62EEE285A8C74ECAD0DE76312
    8FC8200388AB96FA
    ike 2:Israel-127.13:1796253: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=4a0d0938bc749d50/fb3a209de1c8810
    6:00000001
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=4a0d0938bc749d50/fb3a209de1c88106:00000001
    len=80
    ike 2: in
    4A0D0938BC749D50FB3A209DE1C881062E202320000000010000005029000034E7D6684CF8FD5C53E1F
    1B076312021D4F38CD4BF3A59A01D82DC24408C753AEA
    9B926DE7611B4922C6A265B57BED4CB7
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796253: dec
    4A0D0938BC749D50FB3A209DE1C881062E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796253: initiator received AUTH msg
    ike 2:Israel-127.13:1796253: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796253: schedule delete of IKE SA
    4a0d0938bc749d50/fb3a209de1c88106
    ike 2:Israel-127.13:1796253: scheduled delete of IKE SA
    4a0d0938bc749d50/fb3a209de1c88106
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate

    FortiGate-2601F (vsys3) # ike 2:Israel-127.13:Blr_lab-to-Israel: chosen to populate


    IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796272: generate DH public value request queued
    ike 2:Israel-127.13:1796272: out
    E47684B97E80F7E500000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C00000008040000142800006800140000E8CDF1D9E3C78AFAD8D2
    D78317A7617BDAAD664E9DE1CA083ACED48BCCEF04C3926FD0CEE80
    7B979D155625FDF8E686926BF5E5BA3FE867C7DB09DCF7333076D29818272E9241C884D2477DC4CD08A
    805F968B6424E8022DD691FA78297ED6C429000024C370668775480
    BDFB2A2E62D889E318D30E64AB7E7DE40024D42168C8123671A000000080000402E
    ike 2:Israel-127.13:1796272: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=e47684b97e80f7e5/000000000000
    0000
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # ike 2:Israel-127.13:Blr_lab-to-Israel: IPsec SA connect 9
    192.8.202.121->192.8.127.13:0
    ike 2:Israel-127.13:Blr_lab-to-Israel: using existing connection
    ike 2:Israel-127.13:Blr_lab-to-Israel: config found
    ike 2:Israel-127.13: request is on the queue
    ike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=e47684b97e80f7e5/c822b7dad6f398bb len=216
    ike 2: in
    E47684B97E80F7E5C822B7DAD6F398BB2120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C000000080400001428000068001400008B8AF84AF8B29E3887D08AAA3BDA49D4DFFCBD3C3C4
    91CC02032AFA67EEE5645299D0D2F6531EAFBC8E1D7B9A301E1F8E3
    D5979E803691139CB322198BAB00DE697F80E0DE1D9132E2F0418B5BC2F8E6EA3631AC7AFAB56D284AC
    57C9905471100000024AFBCDD79FC48687887FBBBAC4A38FD7B9C8A
    A3A8FCAB050539920AD713202A30
    ike 2:Israel-127.13:1796272: initiator received SA_INIT response
    ike 2:Israel-127.13:1796272: incoming proposal:
    ike 2:Israel-127.13:1796272: proposal id = 1:
    ike 2:Israel-127.13:1796272: protocol = IKEv2:
    ike 2:Israel-127.13:1796272: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796272: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796272: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796272: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796272: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796272: matched proposal id 1
    ike 2:Israel-127.13:1796272: proposal id = 1:
    ike 2:Israel-127.13:1796272: protocol = IKEv2:
    ike 2:Israel-127.13:1796272: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796272: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796272: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796272: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796272: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796272: lifetime=86400
    ike 2:Israel-127.13:1796272: compute DH shared secret request queued
    ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_ei
    32:9A5792DF0ECF9CA666F3B8F4868D921DEFC18B57CE53D19BFF1371C58A2
    6FDEB
    ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_er
    32:F2F206A0FCBD46E5BAAA8958263B2944C23E3E96B9A4209FC213FFCE866
    37336
    ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_ai
    32:589ECBDA7732F0761233470DE2ED9253A6AE0856DBF8301F2897ADE7CAD
    B7C18
    ike 2:Israel-127.13:1796272: IKE SA e47684b97e80f7e5/c822b7dad6f398bb SK_ar
    32:7D301D16555206CBE40DF59B87690036096F36100D98C47B6E4FF85BCB6
    66013
    ike 2:Israel-127.13:1796272: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796272: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796272: enc
    2900000C01000000C008CA7927000008000040002900002802000000F455890C850798B5B85354AB3F3
    C48A63695729197B13D6DD
    503FDBECFA68F1121000008000040242C00002C000000280103040357FD1A390300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796272: out
    E47684B97E80F7E5C822B7DAD6F398BB2E20230800000001000000F0230000D450C754C92C4E8BDA5B5
    E080C0235417A25B6E25AA
    C19321594F2216D1F99E85A62227ACD1DF0BDC40992C3D09B76EAFCCF8F696E8A09336EA33AE07C146E
    4C07D32E83D56417C148C9513DAB97DA16614979DA07A4393F50B4A
    1560ED9D46E5A73ECC681EE56B8ADB0A01D6FF51509CB2C18120C290AFC72DD38FCDA725C71710ECB95
    4DEF9C7CE668F9A4D64958AA1913C5E14AE0C218EA52A2258E3C4F4
    CFFF8AD57A978F807B6C41E61EBCC0F7ECE3BD5FD660EBB706386FDD7CD170BDCD419A69C898057411F
    C5F5C8FAC474A482
    ike 2:Israel-127.13:1796272: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=e47684b97e80f7e5/c822b7dad6f398b
    b:00000001
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # ike 2: comes 192.8.127.13:500-
    >192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=e47684b97e80f7e5/c822b7dad6f398bb:00000001
    len=80
    ike 2: in
    E47684B97E80F7E5C822B7DAD6F398BB2E202320000000010000005029000034E0C25A66F7D931B018E
    FAC580A448FC0E592B454FA9F3BFFD99573C37A23F76A
    3C9B9EBCBA5340CC63A4A787E1C6E9DA
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796272: dec
    E47684B97E80F7E5C822B7DAD6F398BB2E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796272: initiator received AUTH msg
    ike 2:Israel-127.13:1796272: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796272: schedule delete of IKE SA
    e47684b97e80f7e5/c822b7dad6f398bb
    ike 2:Israel-127.13:1796272: scheduled delete of IKE SA
    e47684b97e80f7e5/c822b7dad6f398bb
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) # dike 2:Israel-127.13:Blr_lab-to-Israel: chosen to
    populate IKE_SA traffic-selectors
    ike 2:Israel-127.13: no suitable IKE_SA, queuing CHILD_SA request and initiating
    IKE_SA negotiation
    ike 2:Israel-127.13:1796295: generate DH public value request queued
    ike 2:Israel-127.13:1796295: out
    70582F741BC732E300000000000000002120220800000000000000E0220000300000002C01010004030
    0000C0100000C800E01000
    300000802000005030000080300000C000000080400001428000068001400000FE881A0E2A1CE677C0D
    115B0D9126D9161B52772493ADCF7DB263E2DC1161630764AD22B13
    D44C4CB736395AF1EBA47C411C9F7A30FD94B98C7F3647AA0B5B5DA9332C9B75EEE4DA6EE97C5C280DD
    5BA86D3D9882B2470FE136CA872AE6DAAA2900002452495B700A20F
    C77F78644771003C2B25E5415E44AC286FB6AB409E0E0D1720D000000080000402E
    ike 2:Israel-127.13:1796295: sent IKE msg (SA_INIT): 192.8.202.121:500-
    >192.8.127.13:500, len=224, vrf=0, id=70582f741bc732e3/000000000000
    0000
    iike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=SA_INIT_RESPONSE id=70582f741bc732e3/8039b6c0b6fde8e9 len=216
    ike 2: in
    70582F741BC732E38039B6C0B6FDE8E92120222000000000000000D8220000300000002C01010004030
    0000C0100000C800E0100030000080200000503000008
    0300000C00000008040000142800006800140000E627AD6A983D5ACC8D54341CE7C2F5CB8668EF7D129
    2847B74E8520921AE0BCF87D74FBFCA2D5FD0D4D9D394E5AB437719
    510A9A7CD280789B1A555A768FC53FF2A60C893483FF04C52CF60B5E00965DF774E0D6B5A9138826F2B
    1A6FA2194D80000002441CA5DA7E9C0D6675606CB5459E67123325A
    CE72799FA42ED49A46696ADE97CE
    ike 2:Israel-127.13:1796295: initiator received SA_INIT response
    ike 2:Israel-127.13:1796295: incoming proposal:
    ike 2:Israel-127.13:1796295: proposal id = 1:
    ike 2:Israel-127.13:1796295: protocol = IKEv2:
    ike 2:Israel-127.13:1796295: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796295: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796295: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796295: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796295: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796295: matched proposal id 1
    ike 2:Israel-127.13:1796295: proposal id = 1:
    ike 2:Israel-127.13:1796295: protocol = IKEv2:
    ike 2:Israel-127.13:1796295: encapsulation = IKEv2/none
    ike 2:Israel-127.13:1796295: type=ENCR, val=AES_CBC (key_len = 256)
    ike 2:Israel-127.13:1796295: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
    ike 2:Israel-127.13:1796295: type=PRF, val=PRF_HMAC_SHA2_256
    ike 2:Israel-127.13:1796295: type=DH_GROUP, val=ECP384.
    ike 2:Israel-127.13:1796295: lifetime=86400
    ike 2:Israel-127.13:1796295: compute DH shared secret request queued
    ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_ei
    32:908B708797126D611105FECD295236F0DBF0452DB7D7DD4710D17423575
    57728
    ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_er
    32:8DEF37056E445BE3ECACDCD6EB6101A024A314D9AD57C69DEDE17DAB3E4
    F85D5
    ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_ai
    32:687EA2CAAA684ADFFB8C7818FBC538C21B975DCE96702D218B58B719B80
    6A24A
    ike 2:Israel-127.13:1796295: IKE SA 70582f741bc732e3/8039b6c0b6fde8e9 SK_ar
    32:7CBC3440D562F1ACBFAFB13E8981CECD3B54FCCAA6942B6FD98881F9311
    C2EE8
    ike 2:Israel-127.13:1796295: initiator preparing AUTH msg
    ike 2:Israel-127.13:1796295: sending INITIAL-CONTACT
    ike 2:Israel-127.13:1796295: enc
    2900000C01000000C008CA7927000008000040002900002802000000BEE7BC8A28E485BE74AECC31299
    DB076A53903AD9D39E01BA
    6600954D2747BF321000008000040242C00002C000000280103040357FD1A3C0300000C0100000C800E
    0100030000080300000C00000008050000002D00001801000000070
    000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D
    0C0B0A0908070605040302010F
    ike 2:Israel-127.13:1796295: out
    70582F741BC732E38039B6C0B6FDE8E92E20230800000001000000F0230
    00D4999C09BE588CAF767AD3078DF2F78E637B8C41EB3C020644EDAC8F4CA194B8D6F6B67290C5C74E5
    2A6D11E2851BC2926858A5D3B5ABA9BB20B0E06CE5C5EBE4A128A08
    0A5D20A007C0122609671031ED19D88CCBF423ABF9D4ACBF054DBB85921243D84EA0A3287CDF83AAA9A
    5EB6BA0193AEBD5F2D03DA3AA86E89166661B5C87B6F53D056A82A7
    5E33456B6DD6C26ED2A617F0A3FF6B49918DA13D5A15DD76A668985BDC9CC12AF886D1F3268A1F8493C
    453B2828E14FC2080F7FF120B4D0E188C204BCD3250637B73BF9970
    221F4A
    ike 2:Israel-127.13:1796295: sent IKE msg (AUTH): 192.8.202.121:500-
    >192.8.127.13:500, len=240, vrf=0, id=70582f741bc732e3/8039b6c0b6fde8e
    9:00000001
    deike 2: comes 192.8.127.13:500->192.8.202.121:500,ifindex=9,vrf=0....
    ike 2: IKEv2 exchange=AUTH_RESPONSE id=70582f741bc732e3/8039b6c0b6fde8e9:00000001
    len=80
    ike 2: in
    70582F741BC732E38039B6C0B6FDE8E92E202320000000010000005029000034570C1E8890585FCCC31
    02DEFE5A838246C7B447B722210C90E8D545C6F1F3393
    BA48D982BD89DD47E49A64E27C220C9D
    ike 2:Israel-127.13: HA state master(2)
    ike 2:Israel-127.13:1796295: dec
    70582F741BC732E38039B6C0B6FDE8E92E2023200000000100000028290000040000000800000018
    ike 2:Israel-127.13:1796295: initiator received AUTH msg
    ike 2:Israel-127.13:1796295: received notify type AUTHENTICATION_FAILED
    ike 2:Israel-127.13:1796295: schedule delete of IKE SA
    70582f741bc732e3/8039b6c0b6fde8e9
    ike 2:Israel-127.13:1796295: scheduled delete of IKE SA
    70582f741bc732e3/8039b6c0b6fde8e9
    ike 2:Israel-127.13: connection expiring due to phase1 down
    ike 2:Israel-127.13: deleting
    ike 2:Israel-127.13: deleted
    ike 2:Israel-127.13: schedule auto-negotiate
    di

    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #
    FortiGate-2601F (vsys3) #

    You might also like