IKEv2:(SA ID = 1):Building packet for encryption. IKEv2:(SA ID = 1):Sending authentication failure notify IKEv2:(SA ID = 1):Verification of peer's authentication data FAILED IKEv2:(SA ID = 1): Retrieved trustpoint(s): IKEv2:(SA ID = 1): Retrieving trustpoint(s) from received certificate hash(es) IKEv2:Found matching IKEv2 profile 'IKEV2-PROFILE' IKEv2:Optional profile description not updated in PSH IKEv2:(SA ID = 1):Searching policy based on peer's identity '23.1.1.3' of type 'IPv4 address' IKEv2:(SA ID = 1):Stopping timer to wait for auth message VID IDi CERT CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) AUTH CFG SA TSi TSr NOTIFY(INITIAL_CONTACT) NOTIFY(SET_WINDOW_SIZE) NOTIFY(ESP_TFC_NO_SUPPORT) NOTIFY(NON_FIRST_FRAGS) Initiator SPI : DBF41D1284C9F9E6 - Responder SPI : 0662F8E8716EECFD Message id: 1 IKEv2:(SA ID = 1):Starting timer (30 sec) to wait for auth message IKEv2:(SA ID = 1):Completed SA init exchange SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) CERTREQ NOTIFY(HTTP_CERT_LOOKUP_SUPPORTED) Initiator SPI : DBF41D1284C9F9E6 - Responder SPI : 0662F8E8716EECFD Message id: 0
IKEv2:(SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),ĪES-CBC SHA512 SHA512 DH_GROUP_1536_MODP/Group 5 IKEv2:(SA ID = 1):Generating IKE_SA_INIT message IKEv2:IKEv2 responder - no config data to send in IKE_SA_INIT exch IKEv2:(SA ID = 1): SKEYSEED calculation and creation of rekeyed IKEv2 SA PASSED IKEv2:(SA ID = 1): Calculate SKEYSEED and create rekeyed IKEv2 SA IKEv2:(SA ID = 1):Request queued for computation of DH secret IKEv2:(SA ID = 1): Computing DH secret key, DH Group 5 IKEv2:(SA ID = 1):Request queued for computation of DH key IKEv2:(SA ID = 1): DH key Computation PASSED IKEv2:(SA ID = 1): Computing DH public key, DH Group 5 IKEv2:(SA ID = 1): Starting of PKI Session PASSED IKEv2:(SA ID = 1): Getting of Public Key Hashes of trustpoints PASSED IKEv2:(SA ID = 1): Get Public Key Hashes of trustpoints IKEv2:(SA ID = 1): Retrieved trustpoint(s): 'Trustpool4' 'Trustpool3' 'Trustpool2' 'Trustpool1' 'Trustpool' 'CA-SERVER'
IKEv2:(SA ID = 1): Retrieve configured trustpoint(s) IKEv2:(SA ID = 1):Processing IKE_SA_INIT message IKEv2:Searching Policy with fvrf 0, local address 12.1.1.1
SA KE N VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP) Match identity remote address 12.1.1.1 255.255.255.255Ĭrypto ikev2 client flexvpn FLEXVPN-CLIENT Tunnel protection ipsec profile IPSEC-PROFILE Match identity remote address 23.1.1.3 255.255.255.255Īaa authorization group cert list CERTGROUP MANGLERĬrypto ipsec transform-set TS esp-aes 256 esp-sha512-hmac R3 successfully got the certificate from R1.Ĭrypto ikev2 authorization policy default But when I change it to certificate auth, facing issue. With preshared key everything is working fine. R1 is my CA server and R3 is flexvpn client.
0 kommentar(er)
