PfSense to Server 2003 IPSEC - need help with comparing settings, phase 2 fails
-
I have a pfSense running the 2.0.1 Release and I'm trying to connect to Windows Server 2003 over IPSEC. The hookup is as follows:
HQ Lan < - > SBS 2003 LAN Port/SBS 2003 WAN Port <-> INTERNET <-> pfSense <-> Remote Office Lan
Phase 1 seems to do fine, but Phase 2 fails with the following errors, apparently complaining about the network filters. First, the pfSense log:
Apr 18 13:32:49 racoon: [Unknown Gateway/Dynamic]: DEBUG: send packet from 67.79.186.51[500] Apr 18 13:32:49 racoon: [Unknown Gateway/Dynamic]: DEBUG: send packet to 71.43.80.234[500] Apr 18 13:32:49 racoon: [Unknown Gateway/Dynamic]: DEBUG: 1 times of 292 bytes message will be sent to 71.43.80.234[500] Apr 18 13:32:49 racoon: DEBUG: 82329ae6 f037d3ca 7163d1fc 81fd731b 08102001 ccfd0f61 00000124 596d1fb4 006171de a27c9c3c 1527800c 9bf3596d fa36376e 566fb2d1 605298a7 c1d3a681 64fbd7d7 aba7574d f3d2e20e f0da4f3b e976d1b1 e1a83a16 8d7fd9d8 1e4836e5 44646343 5ecca00a 405d40e0 8e856c2c a3e10f85 58ff22a2 9f97a4ef 10e3a737 a9c087ae 2d3a0a3c 18f0396c c7709411 84be0817 63b160b5 6dd216ce 791c9cbd 2415ce2b d710175e bfdf0a60 35b36102 1b9453fa ec7db44f 3a1883ad cdee08f2 4af2891a c3f5143b 7d584f72 3f7325f7 029fd5db 41f7f567 d99ec305 1b7d6087 0f1b6f4d faa476ca 1c38cd99 f24dbd5f 3a14b9cf 7de98076 798ec3af 305b0dc7 d8d5ad27 94bea676 70548791 8a476eeb 8867c616 3bb8ae1e 390be437 78ed291f f0e000d1 Apr 18 13:32:49 racoon: DEBUG: resend phase2 packet 82329ae6f037d3ca:7163d1fc81fd731b:0000ccfd Apr 18 13:32:49 racoon: DEBUG: === Apr 18 13:32:49 racoon: [Unknown Gateway/Dynamic]: DEBUG: 68 bytes message received from 71.43.80.234[500] to 67.79.186.51[500] Apr 18 13:32:49 racoon: DEBUG: 82329ae6 f037d3ca 7163d1fc 81fd731b 08100501 3415b33b 00000044 76590922 8abe0d8a d33d9fd3 7b39de21 1375ac2f 8a4b2839 9316b95e f106189e 50f20383 3005c0a9 Apr 18 13:32:49 racoon: DEBUG: receive Information. Apr 18 13:32:49 racoon: DEBUG: compute IV for phase2 Apr 18 13:32:49 racoon: DEBUG: phase1 last IV: Apr 18 13:32:49 racoon: DEBUG: 84564cc4 07f15a4d 3415b33b Apr 18 13:32:49 racoon: DEBUG: hash(sha1) Apr 18 13:32:49 racoon: DEBUG: encryption(3des) Apr 18 13:32:49 racoon: DEBUG: phase2 IV computed: Apr 18 13:32:49 racoon: DEBUG: 3d44c343 8b226ea0 Apr 18 13:32:49 racoon: DEBUG: begin decryption. Apr 18 13:32:49 racoon: DEBUG: encryption(3des) Apr 18 13:32:49 racoon: DEBUG: IV was saved for next processing: Apr 18 13:32:49 racoon: DEBUG: 50f20383 3005c0a9 Apr 18 13:32:49 racoon: DEBUG: encryption(3des) Apr 18 13:32:49 racoon: DEBUG: with key: Apr 18 13:32:49 racoon: DEBUG: f9cea0b6 3bc36248 a8dae37a 704454b8 6c8d1e9e df8cbfb3 Apr 18 13:32:49 racoon: DEBUG: decrypted payload by IV: Apr 18 13:32:49 racoon: DEBUG: 3d44c343 8b226ea0 Apr 18 13:32:49 racoon: DEBUG: decrypted payload, but not trimed. Apr 18 13:32:49 racoon: DEBUG: 0b000018 04d902b2 c4434dcd 0f8f8271 eb8d784b eab47efc 00000010 00000001 03040012 00000000 Apr 18 13:32:49 racoon: DEBUG: padding len=1 Apr 18 13:32:49 racoon: DEBUG: skip to trim padding. Apr 18 13:32:49 racoon: DEBUG: decrypted. Apr 18 13:32:49 racoon: DEBUG: 82329ae6 f037d3ca 7163d1fc 81fd731b 08100501 3415b33b 00000044 0b000018 04d902b2 c4434dcd 0f8f8271 eb8d784b eab47efc 00000010 00000001 03040012 00000000 Apr 18 13:32:49 racoon: DEBUG: IV freed Apr 18 13:32:49 racoon: DEBUG: HASH with: Apr 18 13:32:49 racoon: DEBUG: 3415b33b 00000010 00000001 03040012 00000000 Apr 18 13:32:49 racoon: DEBUG: hmac(hmac_sha1) Apr 18 13:32:49 racoon: DEBUG: HASH computed: Apr 18 13:32:49 racoon: DEBUG: 04d902b2 c4434dcd 0f8f8271 eb8d784b eab47efc Apr 18 13:32:49 racoon: DEBUG: hash validated. Apr 18 13:32:49 racoon: DEBUG: begin. Apr 18 13:32:49 racoon: DEBUG: seen nptype=8(hash) Apr 18 13:32:49 racoon: DEBUG: seen nptype=11(notify) Apr 18 13:32:49 racoon: DEBUG: succeed. Apr 18 13:32:49 racoon: [IPSec Tunnel Tampa to Orlando]: [71.43.80.234] ERROR: notification INVALID-ID-INFORMATION received in informational exchange. Apr 18 13:32:59 racoon: DEBUG: 292 bytes from 67.79.186.51[500] to 71.43.80.234[500] Apr 18 13:32:59 racoon: DEBUG: sockname 67.79.186.51[500] Apr 18 13:32:59 racoon: DEBUG: send packet from 67.79.186.51[500] Apr 18 13:32:59 racoon: DEBUG: send packet to 71.43.80.234[500] Apr 18 13:32:59 racoon: DEBUG: 1 times of 292 bytes message will be sent to 71.43.80.234[500] Apr 18 13:32:59 racoon: DEBUG: 82329ae6 f037d3ca 7163d1fc 81fd731b 08102001 ccfd0f61 00000124 596d1fb4 006171de a27c9c3c 1527800c 9bf3596d fa36376e 566fb2d1 605298a7 c1d3a681 64fbd7d7 aba7574d f3d2e20e f0da4f3b e976d1b1 e1a83a16 8d7fd9d8 1e4836e5 44646343 5ecca00a 405d40e0 8e856c2c a3e10f85 58ff22a2 9f97a4ef 10e3a737 a9c087ae 2d3a0a3c 18f0396c c7709411 84be0817 63b160b5 6dd216ce 791c9cbd 2415ce2b d710175e bfdf0a60 35b36102 1b9453fa ec7db44f 3a1883ad cdee08f2 4af2891a c3f5143b 7d584f72 3f7325f7 029fd5db 41f7f567 d99ec305 1b7d6087 0f1b6f4d faa476ca 1c38cd99 f24dbd5f 3a14b9cf 7de98076 798ec3af 305b0dc7 d8d5ad27 94bea676 70548791 8a476eeb 8867c616 3bb8ae1e 390be437 78ed291f f0e000d1 Apr 18 13:32:59 racoon: DEBUG: resend phase2 packet 82329ae6f037d3ca:7163d1fc81fd731b:0000ccfd
Now the Security Failure Audit from Windows Event Viewer, followed by the Oakely log:
Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 547 Date: 4/18/2012 Time: 1:32:49 PM User: NT AUTHORITY\NETWORK SERVICE Computer: SERVER Description: IKE security association negotiation failed. Mode: Data Protection Mode (Quick Mode) Filter: Source IP Address 192.168.15.0 Source IP Address Mask 255.255.255.0 Destination IP Address 192.168.100.0 Destination IP Address Mask 255.255.255.0 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 71.43.80.234 IKE Peer Addr 67.79.186.51 IKE Source Port 500 IKE Destination Port 500 Peer Private Addr Peer Identity: Preshared key ID. Peer IP Address: 67.79.186.51 Failure Point: Me Failure Reason: No policy configured Extra Status: Processed third (ID) payload Responder. Delta Time 0 0x0 0x0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
and OAKLEY LOG:
4-18: 13:31:19:985:1b3c Creating socket directly on MS base provider. Bypassing LSPs 4-18: 13:31:20:1:1b3c Creating socket directly on MS base provider. Bypassing LSPs 4-18: 13:31:20:1:1b3c Creating socket directly on MS base provider. Bypassing LSPs 4-18: 13:31:20:47:1b3c Initialization OK 4-18: 13:31:34:157:2058 4-18: 13:31:34:157:2058 Receive: (get) SA = 0x00000000 from 67.79.186.51.500 4-18: 13:31:34:157:2058 ISAKMP Header: (V1.0), len = 204 4-18: 13:31:34:173:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:34:173:2058 R-COOKIE 0000000000000000 4-18: 13:31:34:173:2058 exchange: Oakley Main Mode 4-18: 13:31:34:173:2058 flags: 0 4-18: 13:31:34:173:2058 next payload: SA 4-18: 13:31:34:173:2058 message ID: 00000000 4-18: 13:31:34:204:2058 Filter to match: Src 67.79.186.51 Dst 71.43.80.234 4-18: 13:31:34:204:2058 MM PolicyName: 1 4-18: 13:31:34:204:2058 MMPolicy dwFlags 2 SoftSAExpireTime 28800 4-18: 13:31:34:204:2058 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2 4-18: 13:31:34:204:2058 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA 4-18: 13:31:34:204:2058 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2 4-18: 13:31:34:204:2058 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5 4-18: 13:31:34:204:2058 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 1 4-18: 13:31:34:204:2058 MMOffer[2] Encrypt: DES CBC Hash: SHA 4-18: 13:31:34:204:2058 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1 4-18: 13:31:34:204:2058 MMOffer[3] Encrypt: DES CBC Hash: MD5 4-18: 13:31:34:204:2058 Auth[0]:PresharedKey KeyLen 24 4-18: 13:31:34:235:2058 Auth[1]:RSA Sig C=US, S=Florida, L=Tampa, O=HBIF, E=admin@mycompany.com, CN=pfsense-tampa.hbif.local AuthFlags 0 4-18: 13:31:34:235:2058 Responding with new SA 6e52dc0 4-18: 13:31:34:235:2058 processing payload SA 4-18: 13:31:34:235:2058 Received Phase 1 Transform 1 4-18: 13:31:34:235:2058 Life type in Seconds 4-18: 13:31:34:235:2058 Life duration of 28800 4-18: 13:31:34:235:2058 Encryption Alg Triple DES CBC(5) 4-18: 13:31:34:235:2058 Auth Method Preshared Key(1) 4-18: 13:31:34:235:2058 Hash Alg SHA(2) 4-18: 13:31:34:235:2058 Oakley Group 2 4-18: 13:31:34:235:2058 Phase 1 SA accepted: transform=1 4-18: 13:31:34:235:2058 SA - Oakley proposal accepted 4-18: 13:31:34:235:2058 processing payload VENDOR ID 4-18: 13:31:34:235:2058 processing payload VENDOR ID 4-18: 13:31:34:235:2058 processing payload VENDOR ID 4-18: 13:31:34:235:2058 Received VendorId draft-ietf-ipsec-nat-t-ike-02 4-18: 13:31:34:235:2058 processing payload VENDOR ID 4-18: 13:31:34:235:2058 processing payload VENDOR ID 4-18: 13:31:34:235:2058 Received VendorId FRAGMENTATION 4-18: 13:31:34:235:2058 processing payload VENDOR ID 4-18: 13:31:34:235:2058 ClearFragList 4-18: 13:31:34:235:2058 constructing ISAKMP Header 4-18: 13:31:34:235:2058 constructing SA (ISAKMP) 4-18: 13:31:34:235:2058 Constructing Vendor MS NT5 ISAKMPOAKLEY 4-18: 13:31:34:235:2058 Constructing Vendor FRAGMENTATION 4-18: 13:31:34:235:2058 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02 4-18: 13:31:34:266:2058 4-18: 13:31:34:266:2058 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 2.500 4-18: 13:31:34:266:2058 ISAKMP Header: (V1.0), len = 148 4-18: 13:31:34:266:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:34:266:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:34:266:2058 exchange: Oakley Main Mode 4-18: 13:31:34:266:2058 flags: 0 4-18: 13:31:34:266:2058 next payload: SA 4-18: 13:31:34:266:2058 message ID: 00000000 4-18: 13:31:34:266:2058 Ports S:f401 D:f401 4-18: 13:31:34:313:2058 4-18: 13:31:34:313:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:31:34:313:2058 ISAKMP Header: (V1.0), len = 228 4-18: 13:31:34:313:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:34:313:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:34:313:2058 exchange: Oakley Main Mode 4-18: 13:31:34:313:2058 flags: 0 4-18: 13:31:34:313:2058 next payload: KE 4-18: 13:31:34:313:2058 message ID: 00000000 4-18: 13:31:34:313:2058 processing payload KE 4-18: 13:31:34:344:2058 processing payload NONCE 4-18: 13:31:34:344:2058 processing payload NATDISC 4-18: 13:31:34:344:2058 Processing NatHash 4-18: 13:31:34:344:2058 Nat hash f2e1322a2831c2ff6dda6b22f664b156 4-18: 13:31:34:344:2058 8b6ed947 4-18: 13:31:34:344:2058 SA StateMask2 e 4-18: 13:31:34:344:2058 processing payload NATDISC 4-18: 13:31:34:344:2058 Processing NatHash 4-18: 13:31:34:344:2058 Nat hash 587e7342038f813c5edbe9bbfd448fce 4-18: 13:31:34:344:2058 8490f231 4-18: 13:31:34:344:2058 SA StateMask2 8e 4-18: 13:31:34:344:2058 ClearFragList 4-18: 13:31:34:344:2058 constructing ISAKMP Header 4-18: 13:31:34:344:2058 constructing KE 4-18: 13:31:34:344:2058 constructing NONCE (ISAKMP) 4-18: 13:31:34:344:2058 Constructing NatDisc 4-18: 13:31:34:344:2058 4-18: 13:31:34:344:2058 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 2.500 4-18: 13:31:34:344:2058 ISAKMP Header: (V1.0), len = 232 4-18: 13:31:34:344:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:34:344:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:34:344:2058 exchange: Oakley Main Mode 4-18: 13:31:34:344:2058 flags: 0 4-18: 13:31:34:344:2058 next payload: KE 4-18: 13:31:34:344:2058 message ID: 00000000 4-18: 13:31:34:344:2058 Ports S:f401 D:f401 4-18: 13:31:34:391:2058 4-18: 13:31:34:391:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:31:34:391:2058 ISAKMP Header: (V1.0), len = 68 4-18: 13:31:34:391:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:34:391:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:34:391:2058 exchange: Oakley Main Mode 4-18: 13:31:34:391:2058 flags: 1 ( encrypted ) 4-18: 13:31:34:391:2058 next payload: ID 4-18: 13:31:34:391:2058 message ID: 00000000 4-18: 13:31:34:391:2058 processing payload ID 4-18: 13:31:34:391:2058 processing payload HASH 4-18: 13:31:34:391:2058 AUTH: Phase I authentication accepted 4-18: 13:31:34:391:2058 ClearFragList 4-18: 13:31:34:391:2058 constructing ISAKMP Header 4-18: 13:31:34:391:2058 constructing ID 4-18: 13:31:34:391:2058 MM ID Type 1 4-18: 13:31:34:391:2058 MM ID 472b50ea 4-18: 13:31:34:391:2058 constructing HASH 4-18: 13:31:34:391:2058 MM established. SA: 06E52DC0 4-18: 13:31:34:391:2058 4-18: 13:31:34:391:2058 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 2.500 4-18: 13:31:34:391:2058 ISAKMP Header: (V1.0), len = 68 4-18: 13:31:34:391:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:34:391:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:34:391:2058 exchange: Oakley Main Mode 4-18: 13:31:34:391:2058 flags: 1 ( encrypted ) 4-18: 13:31:34:391:2058 next payload: ID 4-18: 13:31:34:391:2058 message ID: 00000000 4-18: 13:31:34:391:2058 Ports S:f401 D:f401 4-18: 13:31:35:48:2384 retransmit: sa = 06E52DC0 centry 00000000 , count = 1 4-18: 13:31:35:48:2384 4-18: 13:31:35:48:2384 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 2.500 4-18: 13:31:35:48:2384 ISAKMP Header: (V1.0), len = 68 4-18: 13:31:35:48:2384 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:35:48:2384 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:35:48:2384 exchange: Oakley Main Mode 4-18: 13:31:35:48:2384 flags: 1 ( encrypted ) 4-18: 13:31:35:48:2384 next payload: ID 4-18: 13:31:35:48:2384 message ID: 00000000 4-18: 13:31:35:48:2384 Ports S:f401 D:f401 4-18: 13:31:37:48:2384 retransmit: sa = 06E52DC0 centry 00000000 , count = 2 4-18: 13:31:37:48:2384 4-18: 13:31:37:48:2384 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 2.500 4-18: 13:31:37:48:2384 ISAKMP Header: (V1.0), len = 68 4-18: 13:31:37:48:2384 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:37:48:2384 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:37:48:2384 exchange: Oakley Main Mode 4-18: 13:31:37:48:2384 flags: 1 ( encrypted ) 4-18: 13:31:37:48:2384 next payload: ID 4-18: 13:31:37:48:2384 message ID: 00000000 4-18: 13:31:37:48:2384 Ports S:f401 D:f401 4-18: 13:31:41:48:2384 retransmit: sa = 06E52DC0 centry 00000000 , count = 3 4-18: 13:31:41:48:2384 4-18: 13:31:41:48:2384 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 2.500 4-18: 13:31:41:48:2384 ISAKMP Header: (V1.0), len = 68 4-18: 13:31:41:48:2384 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:41:48:2384 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:41:48:2384 exchange: Oakley Main Mode 4-18: 13:31:41:48:2384 flags: 1 ( encrypted ) 4-18: 13:31:41:48:2384 next payload: ID 4-18: 13:31:41:48:2384 message ID: 00000000 4-18: 13:31:41:48:2384 Ports S:f401 D:f401 4-18: 13:31:49:48:2384 retransmit: sa = 06E52DC0 centry 00000000 , count = 4 4-18: 13:31:49:48:2384 4-18: 13:31:49:48:2384 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 2.500 4-18: 13:31:49:48:2384 ISAKMP Header: (V1.0), len = 68 4-18: 13:31:49:48:2384 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:49:48:2384 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:49:48:2384 exchange: Oakley Main Mode 4-18: 13:31:49:48:2384 flags: 1 ( encrypted ) 4-18: 13:31:49:48:2384 next payload: ID 4-18: 13:31:49:48:2384 message ID: 00000000 4-18: 13:31:49:48:2384 Ports S:f401 D:f401 4-18: 13:31:59:173:2058 4-18: 13:31:59:173:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:31:59:173:2058 ISAKMP Header: (V1.0), len = 292 4-18: 13:31:59:173:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:59:173:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:59:173:2058 exchange: Oakley Quick Mode 4-18: 13:31:59:173:2058 flags: 1 ( encrypted ) 4-18: 13:31:59:173:2058 next payload: HASH 4-18: 13:31:59:173:2058 message ID: f9bc67cb 4-18: 13:31:59:173:2058 processing HASH (QM) 4-18: 13:31:59:173:2058 ClearFragList 4-18: 13:31:59:173:2058 processing payload NONCE 4-18: 13:31:59:173:2058 processing payload KE 4-18: 13:31:59:173:2058 Quick Mode KE processed; Saved KE data 4-18: 13:31:59:173:2058 processing payload ID 4-18: 13:31:59:173:2058 processing payload ID 4-18: 13:31:59:173:2058 processing payload SA 4-18: 13:31:59:173:2058 Negotiated Proxy ID: Src 192.168.100.0.0 Dst 192.168.15.0.0 4-18: 13:31:59:173:2058 Src id for subnet. Mask 255.255.255.0 4-18: 13:31:59:173:2058 Dst id for subnet. Mask 255.255.255.0 4-18: 13:31:59:173:2058 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0 4-18: 13:31:59:173:2058 Checking Transform # 1: ID=Triple DES CBC(3) 4-18: 13:31:59:173:2058 SA life type in seconds 4-18: 13:31:59:173:2058 SA life duration 3600 4-18: 13:31:59:173:2058 tunnel mode is Tunnel Mode(1) 4-18: 13:31:59:173:2058 HMAC algorithm is SHA(2) 4-18: 13:31:59:173:2058 group description for PFS is 2 4-18: 13:31:59:173:2058 Finding Responder Policy for SRC=192.168.100.0.0000 DST=192.168.15.0.0000, SRCMask=255.255.255.0, DSTMask=255.255.255.0, Prot=0 InTunnelEndpt ea502b47 OutTunnelEndpt 33ba4f43 4-18: 13:31:59:173:2058 Found permit/block filter 1 4-18: 13:31:59:173:2058 Responder failed to match filter(Phase II) 87 4-18: 13:31:59:173:2058 Data Protection Mode (Quick Mode) 4-18: 13:31:59:173:2058 Source IP Address 192.168.15.0 Source IP Address Mask 255.255.255.0 Destination IP Address 192.168.100.0 Destination IP Address Mask 255.255.255.0 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 71.43.80.234 IKE Peer Addr 67.79.186.51 IKE Source Port 500 IKE Destination Port 500 Peer Private Addr 4-18: 13:31:59:173:2058 Preshared key ID. Peer IP Address: 67.79.186.51 4-18: 13:31:59:173:2058 Me 4-18: 13:31:59:173:2058 No policy configured 4-18: 13:31:59:173:2058 Processed third (ID) payload Responder. Delta Time 0 0x0 0x0 4-18: 13:31:59:173:2058 isadb_set_status sa:06E52DC0 centry:092967C8 status 3601 4-18: 13:31:59:173:2058 ProcessFailure: sa:06E52DC0 centry:092967C8 status:3601 4-18: 13:31:59:173:2058 constructing ISAKMP Header 4-18: 13:31:59:173:2058 constructing HASH (null) 4-18: 13:31:59:173:2058 constructing NOTIFY 18 4-18: 13:31:59:173:2058 constructing HASH (Notify/Delete) 4-18: 13:31:59:173:2058 4-18: 13:31:59:173:2058 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 1.500 4-18: 13:31:59:173:2058 ISAKMP Header: (V1.0), len = 68 4-18: 13:31:59:173:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:31:59:173:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:31:59:173:2058 exchange: ISAKMP Informational Exchange 4-18: 13:31:59:173:2058 flags: 1 ( encrypted ) 4-18: 13:31:59:173:2058 next payload: HASH 4-18: 13:31:59:173:2058 message ID: 52993b3b 4-18: 13:31:59:173:2058 Ports S:f401 D:f401 4-18: 13:32:09:220:2058 4-18: 13:32:09:220:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:32:09:220:2058 ISAKMP Header: (V1.0), len = 292 4-18: 13:32:09:220:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:32:09:220:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:32:09:220:2058 exchange: Oakley Quick Mode 4-18: 13:32:09:220:2058 flags: 1 ( encrypted ) 4-18: 13:32:09:220:2058 next payload: HASH 4-18: 13:32:09:220:2058 message ID: f9bc67cb 4-18: 13:32:09:220:2058 Dropping Centry processing because SA status set. SA 06E52DC0 Centry 092967C8 Status 3601 4-18: 13:32:19:267:2058 4-18: 13:32:19:267:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:32:19:267:2058 ISAKMP Header: (V1.0), len = 292 4-18: 13:32:19:267:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:32:19:267:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:32:19:267:2058 exchange: Oakley Quick Mode 4-18: 13:32:19:267:2058 flags: 1 ( encrypted ) 4-18: 13:32:19:267:2058 next payload: HASH 4-18: 13:32:19:267:2058 message ID: f9bc67cb 4-18: 13:32:19:267:2058 Dropping Centry processing because SA status set. SA 06E52DC0 Centry 092967C8 Status 3601 4-18: 13:32:49:173:2058 4-18: 13:32:49:173:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:32:49:173:2058 ISAKMP Header: (V1.0), len = 292 4-18: 13:32:49:173:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:32:49:173:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:32:49:173:2058 exchange: Oakley Quick Mode 4-18: 13:32:49:173:2058 flags: 1 ( encrypted ) 4-18: 13:32:49:173:2058 next payload: HASH 4-18: 13:32:49:173:2058 message ID: ccfd0f61 4-18: 13:32:49:173:2058 processing HASH (QM) 4-18: 13:32:49:173:2058 ClearFragList 4-18: 13:32:49:173:2058 processing payload NONCE 4-18: 13:32:49:173:2058 processing payload KE 4-18: 13:32:49:173:2058 Quick Mode KE processed; Saved KE data 4-18: 13:32:49:173:2058 processing payload ID 4-18: 13:32:49:173:2058 processing payload ID 4-18: 13:32:49:173:2058 processing payload SA 4-18: 13:32:49:173:2058 Negotiated Proxy ID: Src 192.168.100.0.0 Dst 192.168.15.0.0 4-18: 13:32:49:173:2058 Src id for subnet. Mask 255.255.255.0 4-18: 13:32:49:173:2058 Dst id for subnet. Mask 255.255.255.0 4-18: 13:32:49:173:2058 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0 4-18: 13:32:49:173:2058 Checking Transform # 1: ID=Triple DES CBC(3) 4-18: 13:32:49:173:2058 SA life type in seconds 4-18: 13:32:49:173:2058 SA life duration 3600 4-18: 13:32:49:173:2058 tunnel mode is Tunnel Mode(1) 4-18: 13:32:49:173:2058 HMAC algorithm is SHA(2) 4-18: 13:32:49:173:2058 group description for PFS is 2 4-18: 13:32:49:173:2058 Finding Responder Policy for SRC=192.168.100.0.0000 DST=192.168.15.0.0000, SRCMask=255.255.255.0, DSTMask=255.255.255.0, Prot=0 InTunnelEndpt ea502b47 OutTunnelEndpt 33ba4f43 4-18: 13:32:49:173:2058 Found permit/block filter 1 4-18: 13:32:49:173:2058 Responder failed to match filter(Phase II) 87 4-18: 13:32:49:173:2058 Data Protection Mode (Quick Mode) 4-18: 13:32:49:173:2058 Source IP Address 192.168.15.0 Source IP Address Mask 255.255.255.0 Destination IP Address 192.168.100.0 Destination IP Address Mask 255.255.255.0 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 71.43.80.234 IKE Peer Addr 67.79.186.51 IKE Source Port 500 IKE Destination Port 500 Peer Private Addr 4-18: 13:32:49:173:2058 Preshared key ID. Peer IP Address: 67.79.186.51 4-18: 13:32:49:173:2058 Me 4-18: 13:32:49:173:2058 No policy configured 4-18: 13:32:49:173:2058 Processed third (ID) payload Responder. Delta Time 0 0x0 0x0 4-18: 13:32:49:173:2058 isadb_set_status sa:06E52DC0 centry:092E9780 status 3601 4-18: 13:32:49:173:2058 ProcessFailure: sa:06E52DC0 centry:092E9780 status:3601 4-18: 13:32:49:173:2058 constructing ISAKMP Header 4-18: 13:32:49:173:2058 constructing HASH (null) 4-18: 13:32:49:173:2058 constructing NOTIFY 18 4-18: 13:32:49:173:2058 constructing HASH (Notify/Delete) 4-18: 13:32:49:173:2058 4-18: 13:32:49:173:2058 Sending: SA = 0x06E52DC0 to 67.79.186.51:Type 1.500 4-18: 13:32:49:173:2058 ISAKMP Header: (V1.0), len = 68 4-18: 13:32:49:173:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:32:49:173:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:32:49:173:2058 exchange: ISAKMP Informational Exchange 4-18: 13:32:49:173:2058 flags: 1 ( encrypted ) 4-18: 13:32:49:173:2058 next payload: HASH 4-18: 13:32:49:173:2058 message ID: 3415b33b 4-18: 13:32:49:173:2058 Ports S:f401 D:f401 4-18: 13:32:59:204:2058 4-18: 13:32:59:204:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:32:59:204:2058 ISAKMP Header: (V1.0), len = 292 4-18: 13:32:59:204:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:32:59:204:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:32:59:204:2058 exchange: Oakley Quick Mode 4-18: 13:32:59:204:2058 flags: 1 ( encrypted ) 4-18: 13:32:59:204:2058 next payload: HASH 4-18: 13:32:59:204:2058 message ID: ccfd0f61 4-18: 13:32:59:204:2058 Dropping Centry processing because SA status set. SA 06E52DC0 Centry 092E9780 Status 3601 4-18: 13:33:09:251:2058 4-18: 13:33:09:251:2058 Receive: (get) SA = 0x06e52dc0 from 67.79.186.51.500 4-18: 13:33:09:251:2058 ISAKMP Header: (V1.0), len = 292 4-18: 13:33:09:251:2058 I-COOKIE 82329ae6f037d3ca 4-18: 13:33:09:251:2058 R-COOKIE 7163d1fc81fd731b 4-18: 13:33:09:251:2058 exchange: Oakley Quick Mode 4-18: 13:33:09:251:2058 flags: 1 ( encrypted ) 4-18: 13:33:09:251:2058 next payload: HASH 4-18: 13:33:09:251:2058 message ID: ccfd0f61 4-18: 13:33:09:251:2058 Dropping Centry processing because SA status set. SA 06E52DC0 Centry 092E9780 Status 3601
I can provide any other information needed. Has anyone else gotten this working specifically with release 2.0.1?