A Networker Blog.-

Sample Configuration ISAKMP on Aggressive Mode on IOS

Posted in Cisco by vcappuccio on 03/08/2009
Router 3 Configuration
</pre>
</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">hostname R3</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">no ip domain lookup</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto isakmp policy 10</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">authentication pre-share</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">group 2</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto isakmp key CISCO address 10.1.12.1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto isakmp profile AP</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">keyring default</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">match identity address 10.1.12.1 255.255.255.255</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">initiate mode aggressive</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto ipsec transform-set X esp-3des esp-md5-hmac</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto map X isakmp-profile AP</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto map X 10 ipsec-isakmp</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">set peer 10.1.12.1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">set transform-set X</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">match address 101</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">interface Loopback0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ip address 3.3.3.3 255.255.255.255</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">interface FastEthernet0/0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ip address 10.1.23.3 255.255.255.0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto map X</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ip route 0.0.0.0 0.0.0.0 10.1.23.2</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">access-list 101 permit ip host 3.3.3.3 host 1.1.1.1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">control-plane</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">line con 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">exec-timeout 0 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">logging synchronous</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">end</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">
Router 1 Configuration
</pre>
</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">hostname R1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ip cef</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">no ip domain lookup</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto isakmp policy 10</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">authentication pre-share</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">group 2</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto isakmp key CISCO address 10.1.23.3</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto isakmp profile AP</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">keyring default</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">match identity address 10.1.23.3 255.255.255.255</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">initiate mode aggressive</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto ipsec transform-set X esp-3des esp-md5-hmac</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto map X isakmp-profile AP</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto map X 10 ipsec-isakmp</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">set peer 10.1.23.3</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">set transform-set X</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">match address 101</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">interface Loopback0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ip address 1.1.1.1 255.255.255.255</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">interface FastEthernet0/0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ip address 10.1.12.1 255.255.255.0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">crypto map X</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ip route 0.0.0.0 0.0.0.0 10.1.12.2</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">line con 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">exec-timeout 0 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">logging synchronous</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">end</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">
Crypto Isakmp and IPSec Debug
</pre>
</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">R1#ping 3.3.3.3 so lo0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">Type escape sequence to abort.</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">Packet sent with a source address of 1.1.1.1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: received ke message (1/1)</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:0:N/A:0): SA request profile is AP</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: Created a peer struct for 10.1.23.3, peer port 500</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: New peer created peer = 0x66674D40 peer_handle = 0x8000000E</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: Locking peer struct 0x66674D40, IKE refcount 1 for isakmp_initiator</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: local port 500, remote port 500</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: set new node 0 to QM_IDLE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">insert sa successfully sa = 6593DB20</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:0:N/A:0):Found ADDRESS key in keyring default</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):SA is doing pre-shared key authentication using id type ID_IPV</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">4_ADDR</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP (0:134217729): ID payload</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">next-payload : 13</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">type         : 1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">address      : 10.1.12.1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">protocol     : 17</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">port         : 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">length       : 12</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Total payload length: 12</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Old State = IKE_READY  New State = IKE_I_AM1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): beginning Aggressive Mode exchange</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) AG_</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">INIT_EXCH</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP (0:134217729): received packet from 10.1.23.3 dport 500 sport 500 Global</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">(I) AG_INIT_EXCH</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing SA payload. message ID = 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing ID payload. message ID = 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP (0:134217729): ID payload</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">next-payload : 10</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">type         : 1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">address      : 10.1.23.3</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">protocol     : 17</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">port         : 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">length       : 12</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing vendor id payload</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): vendor ID is Unity</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing vendor id payload</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): vendor ID is DPD</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing vendor id payload</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): speaking to another IOS box!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Found ADDRESS key in keyring default</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): local preshared key found</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP : Looking for xauth in profile AP</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1.!!!!</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">Success rate is 80 percent (4/5), round-trip min/avg/max = 32/67/128 ms</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">R1#:SW:1):Checking ISAKMP transform 1 against priority 10 policy</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      encryption DES-CBC</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      hash SHA</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      default group 2</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      auth pre-share</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      life type in seconds</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):atts are acceptable. Next payload is 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP (0:134217729): vendor ID is NAT-T v7</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing KE payload. message ID = 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Found ADDRESS key in keyring default</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):SKEYID state generated</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):SA authentication status:</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">authenticated</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):SA has been authenticated with 10.1.23.3</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: Trying to insert a peer 10.1.12.1/10.1.23.3/500/,  and inserted successf</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ully 66674D40.</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Send initial contact</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) AG_</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">INIT_EXCH</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">I</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">R1#SAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Old State = IKE_I_AM1  New State = IKE_P1_COMPLETE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of -237983480</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) QM_</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">IDLE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Node -237983480, Input = IKE_MESG_INTERNAL, IKE_INIT_QM</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP (0:134217729): received packet from 10.1.23.3 dport 500 sport 500 Global</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">(I) QM_IDLE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: set new node 1831373174 to QM_IDLE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 1831373174</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing DELETE payload. message ID = 1831373174</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):peer does not do paranoid keepalives.</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):deleting node 1831373174 error FALSE reason "Inform</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">R1#ational (in) state 1"</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP (0:134217729): received packet from 10.1.23.3 dport 500 sport 500 Global</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">(I) QM_IDLE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing HASH payload. message ID = -237983480</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing SA payload. message ID = -237983480</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Checking IPSec proposal 1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: transform 1, ESP_3DES</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:   attributes in transform:</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      encaps is 1 (Tunnel)</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      SA life type in seconds</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      SA life duration (basic) of 3600</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      SA life type in kilobytes</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:      authenticator is HMAC-MD5</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):atts are acceptable.</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = -237983480</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing ID payload. message ID = -237983480</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): processing ID payload. message ID = -237983480</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: Locking peer struct 0x66674D40, IPSEC refcount 1 for for stuff_ke</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): Creating IPSec SAs</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">inb</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">R1#ound SA from 10.1.23.3 to 10.1.12.1 (f/i)  0/ 0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">(proxy 3.3.3.3 to 1.1.1.1)</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">has spi 0x2D6A98F and conn_id 0 and flags 2</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">lifetime of 3600 seconds</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">lifetime of 4608000 kilobytes</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">has client flags 0x0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">outbound SA from 10.1.12.1 to 10.1.23.3 (f/i) 0/0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">(proxy 1.1.1.1 to 3.3.3.3)</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">has spi -1110400571 and conn_id 0 and flags A</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">lifetime of 3600 seconds</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">lifetime of 4608000 kilobytes</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">has client flags 0x0</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) QM_</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">IDLE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):deleting node -237983480 error FALSE reason "No Error"</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Node -237983480, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: Locking peer struct 0x66674D40, IPSEC refcount 2 for from create_transfo</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">rms</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">ISAKMP: Unlocking IPSEC struct 0x66674D40 from create_transforms, count 1</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">R1#</div>
<div id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow-x: hidden; overflow-y: hidden;">

Aggressive Mode, one of the two IKE policy modes (aggressive and main), establishes an authenticated IKE SA and keys.

IKE Agg. Configuration

Router 3 Configuration

!
hostname R3
no ip domain lookup
!
crypto isakmp policy 10
 authentication pre-share
 group 2
crypto isakmp key CISCO address 10.1.12.1
crypto isakmp profile AP
   keyring default
   match identity address 10.1.12.1 255.255.255.255
   initiate mode aggressive
!
!
crypto ipsec transform-set X esp-3des esp-md5-hmac
!
crypto map X isakmp-profile AP
crypto map X 10 ipsec-isakmp
 set peer 10.1.12.1
 set transform-set X
 match address 101
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.23.3 255.255.255.0
 crypto map X
!
ip route 0.0.0.0 0.0.0.0 10.1.23.2
!
access-list 101 permit ip host 3.3.3.3 host 1.1.1.1
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
end

Router 1 Configuration

!
hostname R1
!
ip cef
!
no ip domain lookup
!
crypto isakmp policy 10
 authentication pre-share
 group 2
crypto isakmp key CISCO address 10.1.23.3
crypto isakmp profile AP
   keyring default
   match identity address 10.1.23.3 255.255.255.255
   initiate mode aggressive
!
!
crypto ipsec transform-set X esp-3des esp-md5-hmac
!
crypto map X isakmp-profile AP
crypto map X 10 ipsec-isakmp
 set peer 10.1.23.3
 set transform-set X
 match address 101
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
 crypto map X
!
ip route 0.0.0.0 0.0.0.0 10.1.12.2
!
line con 0
 exec-timeout 0 0
 logging synchronous
end

Crypto Isakmp and IPSec Debug


R1#ping 3.3.3.3 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
ISAKMP: received ke message (1/1)
ISAKMP:(0:0:N/A:0): SA request profile is AP
ISAKMP: Created a peer struct for 10.1.23.3, peer port 500
ISAKMP: New peer created peer = 0x66674D40 peer_handle = 0x800000E
ISAKMP: Locking peer struct 0x66674D40, IKE refcount 1 for isakmp_initiator
ISAKMP: local port 500, remote port 500
ISAKMP: set new node 0 to QM_IDLE
insert sa successfully sa = 6593DB20
ISAKMP:(0:0:N/A:0):Found ADDRESS key in keyring default
ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-07 ID
ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-03 ID
ISAKMP:(0:0:N/A:0): constructed NAT-T vendor-02 ID
ISAKMP:(0:1:SW:1):SA is doing pre-shared key authentication using id type ID_IPV
4_ADDR
ISAKMP (0:134217729): ID payload
        next-payload : 13
        type         : 1
        address      : 10.1.12.1
        protocol     : 17
        port         : 0
        length       : 12
ISAKMP:(0:1:SW:1):Total payload length: 12
ISAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
ISAKMP:(0:1:SW:1):Old State = IKE_READY  New State = IKE_I_AM1
ISAKMP:(0:1:SW:1): beginning Aggressive Mode exchange
ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) AG_
INIT_EXCH
ISAKMP (0:134217729): received packet from 10.1.23.3 dport 500 sport 500 Global
(I) AG_INIT_EXCH
ISAKMP:(0:1:SW:1): processing SA payload. message ID = 0
ISAKMP:(0:1:SW:1): processing ID payload. message ID = 0
ISAKMP (0:134217729): ID payload
        next-payload : 10
        type         : 1
        address      : 10.1.23.3
        protocol     : 17
        port         : 0
        length       : 12
ISAKMP:(0:1:SW:1): processing vendor id payload
ISAKMP:(0:1:SW:1): vendor ID is Unity
ISAKMP:(0:1:SW:1): processing vendor id payload
ISAKMP:(0:1:SW:1): vendor ID is DPD
ISAKMP:(0:1:SW:1): processing vendor id payload
ISAKMP:(0:1:SW:1): speaking to another IOS box!
ISAKMP:(0:1:SW:1):Found ADDRESS key in keyring default
ISAKMP:(0:1:SW:1): local preshared key found
ISAKMP : Looking for xauth in profile AP
ISAKMP:(0:1.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 32/67/128 ms
R1#:SW:1):Checking ISAKMP transform 1 against priority 10 policy
ISAKMP:      encryption DES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
ISAKMP:(0:1:SW:1):atts are acceptable. Next payload is 0
ISAKMP (0:134217729): vendor ID is NAT-T v7
ISAKMP:(0:1:SW:1): processing KE payload. message ID = 0
ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = 0
ISAKMP:(0:1:SW:1):Found ADDRESS key in keyring default
ISAKMP:(0:1:SW:1):SKEYID state generated
ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 0
ISAKMP:(0:1:SW:1):SA authentication status:
        authenticated
ISAKMP:(0:1:SW:1):SA has been authenticated with 10.1.23.3
ISAKMP: Trying to insert a peer 10.1.12.1/10.1.23.3/500/,  and inserted successf
ully 66674D40.
ISAKMP:(0:1:SW:1):Send initial contact
ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) AG_
INIT_EXCH
R1#SAKMP:(0:1:SW:1):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
ISAKMP:(0:1:SW:1):Old State = IKE_I_AM1  New State = IKE_P1_COMPLETE
ISAKMP:(0:1:SW:1):beginning Quick Mode exchange, M-ID of -237983480
ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) QM_
IDLE
ISAKMP:(0:1:SW:1):Node -237983480, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
ISAKMP:(0:1:SW:1):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
ISAKMP:(0:1:SW:1):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
ISAKMP:(0:1:SW:1):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
ISAKMP (0:134217729): received packet from 10.1.23.3 dport 500 sport 500 Global
(I) QM_IDLE
ISAKMP: set new node 1831373174 to QM_IDLE
ISAKMP:(0:1:SW:1): processing HASH payload. message ID = 1831373174
ISAKMP:(0:1:SW:1): processing DELETE payload. message ID = 1831373174
ISAKMP:(0:1:SW:1):peer does not do paranoid keepalives.
ISAKMP:(0:1:SW:1):deleting node 1831373174 error FALSE reason "Inform
R1#ational (in) state 1"
ISAKMP (0:134217729): received packet from 10.1.23.3 dport 500 sport 500 Global
(I) QM_IDLE
ISAKMP:(0:1:SW:1): processing HASH payload. message ID = -237983480
ISAKMP:(0:1:SW:1): processing SA payload. message ID = -237983480
ISAKMP:(0:1:SW:1):Checking IPSec proposal 1
ISAKMP: transform 1, ESP_3DES
ISAKMP:   attributes in transform:
ISAKMP:      encaps is 1 (Tunnel)
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (basic) of 3600
ISAKMP:      SA life type in kilobytes
ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0
ISAKMP:      authenticator is HMAC-MD5
ISAKMP:(0:1:SW:1):atts are acceptable.
ISAKMP:(0:1:SW:1): processing NONCE payload. message ID = -237983480
ISAKMP:(0:1:SW:1): processing ID payload. message ID = -237983480
ISAKMP:(0:1:SW:1): processing ID payload. message ID = -237983480
ISAKMP: Locking peer struct 0x66674D40, IPSEC refcount 1 for for stuff_ke
ISAKMP:(0:1:SW:1): Creating IPSec SAs
        inb
R1#ound SA from 10.1.23.3 to 10.1.12.1 (f/i)  0/ 0
        (proxy 3.3.3.3 to 1.1.1.1)
        has spi 0x2D6A98F and conn_id 0 and flags 2
        lifetime of 3600 seconds
        lifetime of 4608000 kilobytes
        has client flags 0x0
        outbound SA from 10.1.12.1 to 10.1.23.3 (f/i) 0/0
        (proxy 1.1.1.1 to 3.3.3.3)
        has spi -1110400571 and conn_id 0 and flags A
        lifetime of 3600 seconds
        lifetime of 4608000 kilobytes
        has client flags 0x0
ISAKMP:(0:1:SW:1): sending packet to 10.1.23.3 my_port 500 peer_port 500 (I) QM_
IDLE
ISAKMP:(0:1:SW:1):deleting node -237983480 error FALSE reason "No Error"
ISAKMP:(0:1:SW:1):Node -237983480, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
ISAKMP:(0:1:SW:1):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE
ISAKMP: Locking peer struct 0x66674D40, IPSEC refcount 2 for from create_transfo
rms
ISAKMP: Unlocking IPSEC struct 0x66674D40 from create_transforms, count 1
R1#

Related Post

A Networker Blog

Advertisement

1 comment

One Response

Subscribe to comments with RSS.

  1. IKE – Internet Key Exchange « A Networker Blog said, on 03/08/2009 at 20:11

    [...] The aggressive mode squeezes the IKE SA negotiation into three packets, with all data required for the SA passed by the initiator. The responder sends the proposal, key material, and identification, and authenticates the session in the next packet. The initiator replies by authenticating the session. Negotiation is quicker, and the initiator and responder ID pass in plaintext. ** show crypto isakmp sa [...]


Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.