[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Phase1 Proposals Not Chosen with SSH Sentinel Eval. 1.4

To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: Phase1 Proposals Not Chosen with SSH Sentinel Eval. 1.4
From: "Vohra, Meenakshi" <mvohra@iPolicyNet.COM>
Date: Wed, 19 Mar 2003 14:55:49 -0800
Sender: owner-ipsec@lists.tislabs.com

Title: Phase1 Proposals Not Chosen with SSH Sentinel Eval. 1.4

Hello Everyone,

In my Phase1 proposal, I have configured DES, DH1,main mode, 14440 minutes, HMAC-SHA on my VPN Gateway.
Similarly, I have also configured DES,DH1, main mode, 14440 minutes, SHA on SSH Sentinel.
When I start a traffic from my gateway to SSH Sentinel, SSH rejects my proposals with the with the following IKE log at SSH Sentinel. To me all proposals looks ok at both ends. Please suggest.

Regards,
Meenakshi

--- detailed IKE log ----------------------------------------------------------
DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; New SA

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Received packet[108] = 0x02a5ee0c 09f11eb6 00000000 00000000 01100200 00000000 0000006c 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00015180 80010001 80030001 80020002 80040001 0d00000c 8db7a418 11221660 0000000c da8e9378 80010000

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Packet received[108] = 0x02a5ee0c 09f11eb6 00000000 00000000 01100200 00000000 0000006c 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00015180 80010001 80030001 80020002 80040001 0d00000c 8db7a418 11221660 0000000c da8e9378 80010000

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: doi = 1, sit = 0x1

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: Proposal[0] = 1 .protocol[0] = 1, # transforms = 1, spi[0]

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: trans[0] = 1, id = 1, # sa = #6

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: da[0], type = 11, value[2] = 0x0001

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: da[1], type = 12, value[4] = 0x00015180

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: da[2], type = 1, value[2] = 0x0001

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: da[3], type = 3, value[2] = 0x0001

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: da[4], type = 2, value[2] = 0x0002

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode SA: da[5], type = 4, value[2] = 0x0001

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode VID: data[8] = 0x8db7a418 11221660

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Decode VID: data[8] = 0xda8e9378 80010000

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Version = 1.0, Input packet fields = 0401 SA VID

: Received vendor id `8d b7 a4 18 11 22 16 60' from No Id (server 208.206.10.7:500)
: Received vendor id `da 8e 93 78 80 01 00 00' from No Id (server 208.206.10.7:500)
DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Life duration 86400 secs

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Encryption alg = 1 (des-cbc)

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Auth method = 1 (Pre-Shared-Key)

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Hash alg = 2 (sha1)

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Group = 1, ad5a00

: Phase-1 [responder] between unknown(any:0,[0..0]=) and ipv4(any:0,[0..3]=208.206.10.7) failed; No proposal chosen.
DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Error = No proposal chosen (14)

DEBUG: 0.0.0.0:500 (Initiator) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [0] / 0x0091acf7 } Info; Sending negotiation back, error = 14

DEBUG: 0.0.0.0:500 (Initiator) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [0] / 0x0091acf7 } Info; Encode packet, version = 1.0, flags = 0x00000000

DEBUG: 0.0.0.0:500 (Initiator) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [0] / 0x0091acf7 } Info; Encode N: doi = 1, proto = 1, type = 14, spi[16] = 0x02a5ee0c 09f11eb6 9c75e563 d6000016

DEBUG: 0.0.0.0:500 (Initiator) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [0] / 0x0091acf7 } Info; Encode N: data[46] = 0x800c0001 00060022 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73 616c8008 0000

DEBUG: 0.0.0.0:500 (Initiator) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [0] / 0x0091acf7 } Info; Encoded packet[102] = 0x02a5ee0c 09f11eb6 9c75e563 d6000016 0b100500 0091acf7 00000066 0000004a 00000001 0110000e 02a5ee0c 09f11eb6 9c75e563 d6000016 800c0001 00060022 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73 616c8008 0000

DEBUG: 0.0.0.0:500 (Initiator) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [0] / 0x0091acf7 } Info; Sending packet[102] = 0x02a5ee0c 09f11eb6 9c75e563 d6000016 0b100500 0091acf7 00000066 0000004a 00000001 0110000e 02a5ee0c 09f11eb6 9c75e563 d6000016 800c0001 00060022 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73 616c8008 0000

DEBUG: 0.0.0.0:500 (Initiator) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [0] / 0x0091acf7 } Info; Deleting negotiation

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Packet to old negotiation

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Sending packet[102] = 0x02a5ee0c 09f11eb6 9c75e563 d6000016 0b100500 0091acf7 00000066 0000004a 00000001 0110000e 02a5ee0c 09f11eb6 9c75e563 d6000016 800c0001 00060022 436f756c 64206e6f 74206669 6e642061 63636570 7461626c 65207072 6f706f73 616c8008 0000

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Packet to old negotiation

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Removing negotiation

DEBUG: 0.0.0.0:500 (Responder) <-> 208.206.10.7:500 { 02a5ee0c 09f11eb6 - 9c75e563 d6000016 [-1] / 0x00000000 } IP; Deleting negotiation

Meenakshi Vohra
Software Engineer
<<...OLE_Obj...>>
Fremont , CA 94538
Tel. (510) 687 3177
<http://www.ipolicynet.com/>

Prev by Date: RE2: Do ipsec vendors care about privacy?
Next by Date: Re: IKEv2: prepending four octets
Prev by thread: IKEv2 -02 draft available again
Next by thread: Newbie ESP Question
Index(es):
- Date
- Thread