My log looks slightly different, but I appear to be having the same problem.
This looks to be talking to a Cisco device, but I don't have any control over
the other end, unfortunately.

Nov 19 15:35:57: Using "config" property group.
Nov 19 15:35:57: Property "config_file" set to: "/etc/inet/ike/config"
Nov 19 15:35:57: Property "ignore_errors" set to: "false"
Nov 19 15:35:57: Property "debug_level" set to: "all"
Nov 19 15:35:57: Property "admin_privilege" set to: "base"
Nov 19 15:35:57: 2009 (-0500) *** in.iked started ***
Nov 19 15:35:57: Loading configuration...
Nov 19 15:35:57: Checking lifetimes in "nullrule"
Nov 19 15:35:57: Using default value for p2 lifetime: 28800 seconds.
Nov 19 15:35:57: p2 softlife too small.
Nov 19 15:35:57: Using default value for p2 soft lifetime: 25920 seconds.
Nov 19 15:35:57: Using default value for p2 idle lifetime: 14400 seconds.
Nov 19 15:35:57: Using default value for p2 byte lifetime: 134217728 kb
Nov 19 15:35:57: Using default value for p2 soft byte lifetime: 120795955 kb
Nov 19 15:35:57: Checking lifetimes in "ivan-london"
Nov 19 15:35:57: Adding rule "ivan-london" to IKE configuration;
Nov 19 15:35:57:   mode 256 (any), cookie 4, slot 0; total rules 1
Nov 19 15:35:57: Configuration update succeeded! Updating active databases.
Nov 19 15:35:57: Configuration ok.
Nov 19 15:35:57: Loading preshared keys...
Nov 19 15:35:57: Unique instance of in.iked started.
Nov 19 15:35:57: Adding certificates...
Nov 19 15:35:57: Skipping lo0 address 127.0.0.1
Nov 19 15:35:57: Adding bge0 address 198.67.17.250 to in.iked service list...
Nov 19 15:35:57:   Adding entry #1; IP address = 198.67.17.250, interface = bge0.
Nov 19 15:35:57:   Now 1 addresses being serviced.
Nov 19 15:35:57: Adding bge1 address 172.22.1.112 to in.iked service list...
Nov 19 15:35:57:   Adding entry #2; IP address = 172.22.1.112, interface = bge1.
Nov 19 15:35:57:   Now 2 addresses being serviced.
Nov 19 15:35:57: Adding ip.tun3 address 172.22.1.112 to in.iked service list...
Nov 19 15:35:57:   Address already exists: now 2 users
Nov 19 15:35:57: Initializing PF_KEY socket...
Nov 19 15:35:57: ESP initial REGISTER with SADB...
Nov 19 15:35:57: Handling SADB register message from kernel...
Nov 19 15:35:57: AH initial REGISTER with SADB...
Nov 19 15:35:57: Handling SADB register message from kernel...
Nov 19 15:36:04: Handling data on PF_KEY socket:
                                         SADB msg: message type 6 (ACQUIRE), SA type 0 (UNSPEC),
                                         pid 0, sequence number 4294966367,
                                         error code 0 (Error 0), diag code 0 (No diagnostic), length 25
Nov 19 15:36:04: Inner addresses present,
Nov 19 15:36:04: Doing ACQUIRE....
Nov 19 15:36:04: Trying to get Phase 1 (by itself)...
Nov 19 15:36:04: Looking for an existing Phase 1 SA...
Nov 19 15:36:04:   Searching rulebase for src = x.x.x.x[0]
Nov 19 15:36:04:                          dst = y.y.y.y[0]
Nov 19 15:36:04:   Examining rule list.
Nov 19 15:36:04:   rule 'ivan-london' 0x4;
Nov 19 15:36:04:                          local addr x.x.x.x[2568];
Nov 19 15:36:04:                          remote addr y.y.y.y[2568]
Nov 19 15:36:04:    [basic match]
Nov 19 15:36:04:   Selected rule: 'ivan-london'

Nov 19 15:36:04: Updating p2_lifetime to 28800 seconds.
Nov 19 15:36:04: Checking lifetimes in "ivan-london"
Nov 19 15:36:04: Starting Phase 1 negotiation...
Nov 19 15:36:04: Constructing local identity payload...
Nov 19 15:36:04:   Local ID type: ipv4(any:0,[0..3]=x.x.x.x)
Nov 19 15:36:04: Constructing Phase 1 Transforms:
        Our Proposal:
        Rule: "ivan-london" ; transform 0
        auth_method = 1 (Pre-shared)
        hash_alg = 1 (md5)
        encr_alg = 5 (3des-cbc)
        oakley_group = 2
Nov 19 15:36:04: Phase 1 exchange type=2 (IP), 1 transform(s).
Nov 19 15:36:04: Looking for x.x.x.x[0] in IKE daemon context...
Nov 19 15:36:04: Sending out Vendor IDs, if needed: NAT-T state 0 (INIT)
Nov 19 15:36:04:   New Phase 1 negotiation!
Nov 19 15:36:04:   Waiting for IKE results.
Nov 19 15:36:04: IKE library: Using default remote port for NAT-T, if active.
Nov 19 15:36:04: Vendor ID from peer:
Nov 19 15:36:04:   0x4048b7d56ebce88525e7de7f00d6c2d3c0000000
Nov 19 15:36:04:   Could not find VID description
Nov 19 15:36:04: Determining P1 nonce data length.
Nov 19 15:36:04:   NAT-T state 0 (INIT)
Nov 19 15:36:04: IKE library: Using default remote port for NAT-T, if active.
Nov 19 15:36:04: IKE library: Doing port jump in case we need NAT-T. Current NAT-T state -1
Nov 19 15:36:04: Vendor ID from peer:
Nov 19 15:36:04:   0x12f5f28c457168a9702d9fe274cc0100
Nov 19 15:36:04:   Cisco-Unity
Nov 19 15:36:04: Vendor ID from peer:
Nov 19 15:36:04:   0x09002689dfd6b712
Nov 19 15:36:04:   XAUTH
Nov 19 15:36:04: Vendor ID from peer:
Nov 19 15:36:04:   0x447f0568a5a8048ca334fdc3b36480cf
Nov 19 15:36:04:   Could not find VID description
Nov 19 15:36:04: Vendor ID from peer:
Nov 19 15:36:04:   0x1f07f70eaa6514d3b0fa96542a500407
Nov 19 15:36:04:   Could not find VID description
Nov 19 15:36:04: Finding preshared key...
Nov 19 15:36:04: IKE library: Using default remote port for NAT-T, if active.
Nov 19 15:36:04: IKE error: type 10 (Invalid protocol ID), decrypted 1, received 1
Nov 19 15:36:04: Policy Manager phase 1 info not found! (message type 10 (Invalid protocol ID))
Nov 19 15:36:04: Notifying library that P2 SA is freed.
Nov 19 15:36:04:   Local IP = x.x.x.x, Remote IP = y.y.y.y,
Nov 19 15:36:05: IKE library: Using default remote port for NAT-T, if active.
Nov 19 15:36:06: IKE library: Using default remote port for NAT-T, if active.
Nov 19 15:36:08: IKE library: Using default remote port for NAT-T, if active.
Nov 19 15:36:12: IKE library: Using default remote port for NAT-T, if active.
Nov 19 15:36:12: IKE error: type 8194 (No SA established), decrypted 0, received 1
Nov 19 15:36:12: Policy Manager phase 1 info not found! (message type 8194 (No SA established))
Nov 19 15:36:12: Notifying library that P2 SA is freed.
Nov 19 15:36:12:   Local IP = x.x.x.x, Remote IP = y.y.y.y,
Nov 19 15:36:25: Removing bge0 address x.x.x.x from in.iked service list...
Nov 19 15:36:25:   Last reference
Nov 19 15:36:25: Finishing P1 negotiation: NAT-T state -1 (NEVER)
Nov 19 15:36:25: Phase 1 negotiation error: code 8197 (Timeout).
Nov 19 15:36:25: Phase 1 error: code 8197 (Timeout).
Nov 19 15:36:25: Deleting local phase 1 instance.
Nov 19 15:36:25: Looking for x.x.x.x[0] in IKE daemon context...
Nov 19 15:36:25: Sending negative ACQUIRE...
Nov 19 15:36:25:   Now 1 addresses being serviced.
in.iked: Received TERM signal...exiting
-- 
This message posted from opensolaris.org